This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
minhhaivietnam
Collaborator
‎2022-05-24 02:08 AM

HTTPS BYPASS not working

Hello experts,

I'm using checkpoint R81 with https inspection blade.

I have a host , and I want bypass when it access site webex.com. I made a rule for it, and below  logs is saying that it is bypassed.

bypasss1.png

But when this host goes to webex.com by chrome or Edge, it says that connection is not secure and certificate is showing wrong like this:

bypasss1.png

 

bypasss1.png

 

Please help me, thanks you!!!

0 Kudos
10 Replies
G_W_Albrecht
Legend
Legend
‎2022-05-24 04:19 AM

sk106996: "HTTP Strict Transport Security" (HSTS) header handling in HTTPS Inspection

CCSE CCTE SMB Specialist
0 Kudos
_Val_
Admin
Admin
‎2022-05-24 04:33 AM

Can you please show how your bypass rule looks like?

0 Kudos
minhhaivietnam
Collaborator
‎2022-05-24 06:33 PM
In response to _Val_

Hi Mr _val_,

Here is my rule (I bypass by using IP-range of webex

bypasss1.png

0 Kudos
_Val_
Admin
Admin
‎2022-05-24 11:48 PM
In response to minhhaivietnam

Also, why a user group as a source?

0 Kudos
Sorin_Gogean
Advisor
‎2022-05-24 12:31 PM

Hey, 

 

Did you checked the certificate you get for that page from outside your network, I see the same error considering that the SSL certificate is not covering the https://webex.com.ro.webex.com.ro (see below)

Capture.JPG

Thank you,

0 Kudos
minhhaivietnam
Collaborator
‎2022-05-24 06:37 PM
In response to Sorin_Gogean

Hi mr Sorin,

On my host, I type only https://webex.com, dont know why checkpoint log say webex.com.ro.webex.com.ro  

I doubt maybe firewall still has intervention even I set bybass for webex-ip.

0 Kudos
minhhaivietnam
Collaborator
‎2022-05-24 06:56 PM
In response to minhhaivietnam

Here is cert of webex.com , which my host is seeing:

bypasss1.pngbypass2.png

0 Kudos
Sorin_Gogean
Advisor
‎2022-05-25 01:04 AM
In response to minhhaivietnam

So you can see that the cert that is presented is not trusted , therefore where is the CheckPoint HTTPS Inspection culprit ?!?!?!

As for the WebEx.com, it might do some redirects and will get to the 64.68.121.205 (that is webex.com.ro.webex.com.ro ) , you should run some HTTP network traces ( in Chrome do an F12 and choose Network Tab [mark Preserve Log] and you should see the 3xx redirects if there are any) .

 

Still I'm not getting your question, you state that you have HTTPS Inspection on the GW and on webex.com you get some browser SSL errors/alerts - where is CheckPoint part involved in all this ?

You have a bypass rule that it happens - is clearly showed/logged - and if the HTTPS would Inspect, you should see your internal Certificate generated on-the-fly from the GW .

So I didn't catch your CKP problem except the HSTS error - and that is not tight to CKP in my opinion.

 

Thank you,

0 Kudos
Tobi
Explorer
Monday
In response to minhhaivietnam

Were you able to solve the issue? I'm having the same problem.

0 Kudos
_Val_
Admin
Admin
‎2022-05-24 11:47 PM
In response to Sorin_Gogean

Not a good rule. Use a Webex Updatable object instead, please

0 Kudos