This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Hainich
Advisor
‎2024-09-13 06:54 AM

SSL Outbound Inspection Bypass for www.telekom.de

hi, i need to bypass www.telekom.de in https inspection.

i tried *.telekom.de, www.telekom.de  as custom application. but none of them is working. traffic is still inspected.

what iam doing wrong?

 

thanks

daniel

0 Kudos
16 Replies
the_rock
Legend
Legend
‎2024-09-13 07:16 AM

I just tested it in my lab and I put *telekom.de* and worked fine.

Andy

0 Kudos
Daniel_Hainich
Advisor
‎2024-09-13 07:25 AM
In response to the_rock

i tried it with *telekom.de* and it is not working. iam running R81.20 take 84

0 Kudos
the_rock
Legend
Legend
‎2024-09-13 07:29 AM
In response to Daniel_Hainich

I think something may had been cashed. I just tried it on my iphone, site does not even come up, so looks like its website issue, NOT ssl inspection problem.

Andy

0 Kudos
Daniel_Hainich
Advisor
‎2024-09-13 07:36 AM
In response to the_rock

i think in the same direction, because some other sites i set on bypass are working. only this site isnt working. i opened the site on different devices, and the site is looking different on each device.

on monday i try it on my r82 lab. maybe they can fix it over the weekend.

0 Kudos
the_rock
Legend
Legend
‎2024-09-13 07:38 AM
In response to Daniel_Hainich

Just for my own sanity, I even connected to Germany via nordvpn account and even then, I could NOT get to the site and Im talking about my personal desktop at home.

I tried below:

telekom.de

https://www.telekom.de

www.telekom.de

Same issue, nothing worked.

Andy

(1)
Daniel_Hainich
Advisor
‎2024-09-13 07:43 AM
In response to the_rock

thank your for the help!

0 Kudos
the_rock
Legend
Legend
‎2024-09-13 07:47 AM
In response to Daniel_Hainich

Sure, any time mate. That is why Im 100% sure its not an issue with the fw/ssl inspection, based on the test I had done. I even tried same method from my personal laptop, exact same result.

That alone, without any doubt, tells me its website problem.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-09-13 07:49 AM
In response to Daniel_Hainich

This site works fine and seems to be totally legit/valid.

Andy

 

Screenshot_1.png

0 Kudos
Daniel_Hainich
Advisor
‎2024-09-16 02:03 AM
In response to the_rock

hi,

today i checked the exception again in my R82 lab. iam not able to configure an bypass for certain sites.

example: www.heise.de and www.telekom.de

what iam doing wrong?

i defined the custom applications as described here: https://support.checkpoint.com/results/sk/sk165094

 

thanks

daniel

 

 

Preview file
62 KB
Preview file
67 KB
Preview file
57 KB
Preview file
62 KB
Preview file
59 KB
Preview file
176 KB
0 Kudos
the_rock
Legend
Legend
‎2024-09-16 04:07 AM
In response to Daniel_Hainich

Heise site works fine for me, no issues. Im sure telekom.de is broken, if it ever worked.

Andy

0 Kudos
Daniel_Hainich
Advisor
‎2024-09-16 04:22 AM
In response to the_rock

but why heise istn working in my lab. the bypass rules are not working. until i disable the inspection-rule, all traffic will be inspected. i tried my regex and without. do you have an idea?

0 Kudos
the_rock
Legend
Legend
‎2024-09-16 04:27 AM
In response to Daniel_Hainich

Btw, Im in Canada est, so 6 hours behind you, just starting my day. Happy to do remote and fix it for you. I do ssl inspection issues all the time, so Im confident we can figure it out.

Let me know.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-09-16 04:47 AM
In response to Daniel_Hainich

I dont have an idea until I saw your environment, sorry. Only other thing I could go by would be to make sure below is set and also if you can send the log showing why it fails.

Andy

 

Screenshot_1.png

0 Kudos
the_rock
Legend
Legend
‎2024-09-16 04:26 AM
In response to Daniel_Hainich

*heise.de* has to work, I tested it myself. What does traffic log show?

Andy

0 Kudos
Daniel_Hainich
Advisor
‎2024-09-16 04:58 AM
In response to the_rock

 
Preview file
116 KB
Preview file
230 KB
0 Kudos
the_rock
Legend
Legend
‎2024-09-16 05:01 AM
In response to Daniel_Hainich

Lets do remote if you are allowed to. I got a feeling its not working because of what I pointed out.

Andy

 

Screenshot_1.png

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events