Create a Post
Showing results for 
Search instead for 
Did you mean: 

Unusual HTTPS request from security gateway logged on Smart Console

Good day,

I have discovered what appears to be an unusual issue on our security gateways (R81.10) that may be related to HTTPS inspection.

When one of our internal devices communicates to a specific external destination (the only destination its allowed to communicate to) over HTTPS. The logs show 3 entries - 1 for the accept, 1 for the HTTPS inspection bypass, but one other uncommon one from the active gateway node to the same destination over HTTPS. The expected outgoing packet is NAT'd as expected, and the packet from the gateway is NAT'd to the VIP address. These packets are all logged with the same time.

The firewall guy at the destination end is seeing traffic from both of the NAT'd IPs indicating that that traffic is actually going out our gateway to the remote end.

We have another internal device that connects to a specific destination out the same interface over https and it too is showing the same additional https packet from the gateway.

Other HTTPS traffic through the same interface does not generate the same extra packet.

Here's an anonymized excerpt from the logs:

TimeBladeActionTypeInterfaceOriginSourceSource User NameDestinationServiceRuleAccess Rule NamePolicy NameDescription
2023-06-19 11:17FirewallAcceptConnectionethXgateway2Node1 ( Protection Accept Cleanup RuleStandard 
2023-06-19 11:17HTTPS InspectionHTTPS BypassLog gateway2Node1 (  Standard 
2023-06-19 11:17FirewallAcceptConnectionethY.1234gateway2gateway2 (x.x.x.x) Rule Standard 


If anyone has an idea of why this is happening, that would be great. Haven't noticed this behavior in the past.


0 Kudos
1 Reply

This is part of our SNI verification process and is expected behavior.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events