This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
emiliano_mastro
Participant
‎2021-09-26 02:09 AM

https inbound inspection on port 8443

Hi everyone, on my R80.40, for a web site, I have enabled https inbound inspection on port 8443 which I have defined as https protocol.
The setting works because the client sees the certificate which I have put into the firewall for the inspection, but why is there no logs of "https inspect" ?

There is only firewall blade's log

Please take a look to images

 


thanks
Emiliano

Preview file
20 KB
Preview file
27 KB
Preview file
43 KB
0 Kudos
12 Replies
the_rock
Champion
Champion
‎2021-09-26 04:49 AM

I cant remember now, but I think it has to do with legacy https inspection dashboard setting(s). I will check it later in my lab to see if I can find it.

0 Kudos
emiliano_mastro
Participant
‎2021-09-26 05:06 AM
In response to the_rock

ok, please let me know

 

thanks 

Emiliano 

0 Kudos
the_rock
Champion
Champion
‎2021-09-26 06:43 AM
In response to emiliano_mastro

Sorry, I think I may have confused 2 different things, my apologies. But, just to be sure, can you send a screenshot of below? Go to dashboard, then manage and settings on lefr, then click on blades and all the way down open dashboard for https inspection. Once new window pops up, click on server certificates on the lft and if you could send whats there, would be great.

0 Kudos
emiliano_mastro
Participant
‎2021-09-26 07:09 AM
In response to the_rock

I've uploaded the image, but I can't understand how it can help

 

Emiliano

Preview file
64 KB
0 Kudos
the_rock
Champion
Champion
‎2021-09-26 07:11 AM
In response to emiliano_mastro

You are right, sorry, I thought there were some settings there for logs, but I was wrong, apologies. Lets see if anyone else may have an idea.

0 Kudos
the_rock
Champion
Champion
‎2021-09-26 07:13 AM
In response to emiliano_mastro

One thing I thought of is if you go to logs and monitor and enter this search -> blade:"HTTPS Inspection", do you see anything at all for what you are looking for or no?

0 Kudos
emiliano_mastro
Participant
‎2021-09-26 07:55 AM
In response to the_rock

my apologies, I went wrong because, for the inbound inspection, I set up an https rule with server's private ip and not with ip public of nat. Now I changed so now there are "https inspection" events.

Unfortunately there is somenthing that doesn't work well because the event says :"Internal system error in HTTPS Inspection (Error Code: 2)"

Preview file
41 KB
0 Kudos
the_rock
Champion
Champion
‎2021-09-26 08:04 AM
In response to emiliano_mastro

For that, you may need to involve TAC. I noticed that a lot too with one customer that uses https inspection, but even though we did raise case with TAC about it, we had not gotten an official reason yet. Personally, I believe it has to do with engine settings from legacy https dashboard, but though we tried changing those as well, did not do anything.

0 Kudos
emiliano_mastro
Participant
‎2021-09-26 08:47 AM
In response to the_rock

tomorrow I'll open a ticket.

 

thanks a lot for your support

the_rock
Champion
Champion
‎2021-09-26 12:41 PM
In response to emiliano_mastro

For sure, any time. Please update us how it goes, because Im also curious to see what can be causing that warning/error.

Andy

0 Kudos
emiliano_mastro
Participant
‎2021-09-26 01:09 PM
In response to the_rock

I just figured it out.


I allowed the traffic only from some public ips to the nat IP of that server, but to work I also had to open traffic from my firewall to  private ip of that server. that's all.  Now there are "https inspection logs"

I really apologize for wasting your time. I hope my errors can be useful for someone

thanks

Emiliano

 

Preview file
37 KB
0 Kudos
the_rock
Champion
Champion
‎2021-09-26 01:12 PM
In response to emiliano_mastro

Im glad it worked and please, never apologize for something like this, because its a community where people want to help others, so to me at least, its never a waste of time. More people share ideas and find solutions, its better for EVERYONE!

Have a great night!

Ciao 🙂

Andy

0 Kudos