This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Hainich
Collaborator
2 weeks ago
Jump to solution

R82 outbound ssl inspection - custom applications are not working

hi, 

within R82 i couldnt bypass any custom-applications. only categories are working in my lab.

any ideas?

 

daniel

Preview file
109 KB
0 Kudos
1 Solution

Accepted Solutions
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

we can do another remote, but its working now and i did the same as you and in the other configurations before. the only change is the base from pnetlab to eve-ng - whats basically are the same...

View solution in original post

0 Kudos
17 Replies
the_rock
Legend
Legend
2 weeks ago
Jump to solution

Hey Daniel,

I saw what you showed me via zoom remote session and indeed that is the case. Since I had to delete my R82 lab to do something else, let me try re-create it again and test. Will keep you posted.

Andy

0 Kudos
the_rock
Legend
Legend
2 weeks ago
Jump to solution

Hey Daniel,

Just tested in R82 lab with *heise* and worked fine, was not inspected, but rather bypassed, as it should have been. I did not add any additional categories.

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

i killed my lab and build it from scratch. 1 win11, 1x R82 SMS and GW on one machine. its the same behaviour.

i activated urlf,appi,anti-bot and anti-virus blades. https is setup with CP generated certificate.

my lab is setup with pnetlab/eve-ng but this should not be the problem - or?

it looks like the application is not recognized as custom application and thats why the bypass rule isnt matching.

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Really odd, thats what I used as well, eve-ng. Only difference compared to before was I used vmxnet NIC type, other than 1000e, but Im positive that would not matter.

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

i changed nic to vmxnet3. but it is the same.

 

telekom_bypass.pngtelekom_inspect.png

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Weird...now it shows its inspecting business/economy category. Did you bypass those?

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

when i bypass those categories than it works. but this site is not categorized as custom... i tried it also with other sites. always the same. 

iam running on trial lic - can this be the problem?

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Hm, now that I think about it...MAYBE. Send me the IP address of the gw, I can send you an eval.

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

192.168.1.250

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Emailed you the info directly.

Andy

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Hey mate,

Let me know if eval worked for you. If not, lets do remote like yesterday. I got time later on. I know its after hours in Germany now, but if you are around, not an issue.

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

hi andy, your lic was not working. the sms part was missing so i couldnt install policy. i created a new lic and the system is now fully licensed. but it is not working.

i wiped my pnetlab installation and rebuild it from scratch with eve-ng community edition. it is working out of the box with trial lic.

i setup the sms and gw the same way before with pnetlab. this is really strange. i cant understand whats the difference between both tools.  @the_rock 

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

Right, license failed as I generated it for the gateway, sorry, I remembered just now. Btw, I cant tell the difference, but in my lab, I did EXACTLY the same thing as in R81.20 and worked fine.

Can we do another remote?

Andy

0 Kudos
Daniel_Hainich
Collaborator
2 weeks ago
In response to the_rock
Jump to solution

we can do another remote, but its working now and i did the same as you and in the other configurations before. the only change is the base from pnetlab to eve-ng - whats basically are the same...

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Daniel_Hainich
Jump to solution

I misunderstood, okay...if thats the case, glad it works, no need for remote. Im really sorry mate, I dont have a logical answer as to why it did not work before, apologies.

Andy

0 Kudos
(1)
Daniel_Hainich
Collaborator
a week ago
In response to the_rock
Jump to solution

i forgot to install the T40 Hotfix. now its running fine on pnetlab and all is working

0 Kudos
the_rock
Legend
Legend
a week ago
In response to Daniel_Hainich
Jump to solution

I would still test it with jumbo 40, make sure it works.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events