This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2024-01-15 05:57 AM

Url filtering detects

Hi All,

I have an R81.10 security gateway in VSX mode, and URL/Application filtering is enabled. The URL is explicitly allowed in the app/URL filtering rule base. However, the URL filtering indicates the detection of one of the URLs and reports an untrusted certificate, even though it is a valid certificate. This issue is blocking users from accessing the site. What should I check in order to resolve this?

Thanks,

0 Kudos
8 Replies
the_rock
MVP Gold
MVP Gold
‎2024-01-15 06:02 AM

Hey @Ihenock1011 ,

Are you able to send a screenshot? I have real good https inspection lab going in R81.20, so can also do a quick test if needed. Please blur out any sensitive info mate.

Best,

Andy

Best,
Andy
0 Kudos
Ihenock1011
Advisor
‎2024-01-15 10:13 PM
In response to the_rock

@the_rock 

sure, Attached is the screenshot for the specific log.

 

 

Preview file
89 KB
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-01-16 04:31 AM
In response to Ihenock1011

I know customer had an issue like this 2 years ago, I will check my notes later and see what was the solution.

Andy

Best,
Andy
0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-01-15 11:45 PM

Is it a public website? Is it a valid certificate publically or for your domain? 

0 Kudos
Ihenock1011
Advisor
‎2024-01-16 01:02 AM
In response to emmap

@emmap  Yes, its SWIFT's cloud service.

https://tracker.browse.swiftnet.sipn.swift.com

 

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-01-16 01:34 AM
In response to Ihenock1011

When I load that link I get an invalid CA error in Chrome, and viewing the cert it doesn't look like it was issued by any publicly trusted CA. It looks like this is a valid determination by the gateway. To get around this you'll have to do an IP based bypass, which might be a challenge depending on where/how the service is hosted.Annotation 2024-01-16 173237.png

 
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-01-16 04:32 AM
In response to Ihenock1011

I see what @emmap is saying, its definitely NOT issues by valid trusted CA authority.

Best,

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-01-16 04:45 AM
In response to Ihenock1011

This is what customer told me back in 2023 when they had this issue, but again, not sure if this might be the case with you...

Andy

***********

We found the problem. I’m not sure how this happened but looks like we were missing the SAN (Subject Alternative Name in the certificate).

******************

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events