Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
minhhaivietnam
Collaborator

HTTPS BYPASS not working

Hello experts,

I'm using checkpoint R81 with https inspection blade.

I have a host , and I want bypass when it access site webex.com. I made a rule for it, and below  logs is saying that it is bypassed.

bypasss1.png

But when this host goes to webex.com by chrome or Edge, it says that connection is not secure and certificate is showing wrong like this:

bypasss1.png

 

bypasss1.png

 

Please help me, thanks you!!!

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend

sk106996: "HTTP Strict Transport Security" (HSTS) header handling in HTTPS Inspection

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin

Can you please show how your bypass rule looks like?

0 Kudos
minhhaivietnam
Collaborator

Hi Mr _val_,

Here is my rule (I bypass by using IP-range of webex

bypasss1.png

0 Kudos
_Val_
Admin
Admin

Also, why a user group as a source?

0 Kudos
Sorin_Gogean
Advisor

Hey, 

 

Did you checked the certificate you get for that page from outside your network, I see the same error considering that the SSL certificate is not covering the https://webex.com.ro.webex.com.ro (see below)

Capture.JPG

Thank you,

0 Kudos
minhhaivietnam
Collaborator

Hi mr Sorin,

On my host, I type only https://webex.com, dont know why checkpoint log say webex.com.ro.webex.com.ro  

I doubt maybe firewall still has intervention even I set bybass for webex-ip.

0 Kudos
minhhaivietnam
Collaborator

Here is cert of webex.com , which my host is seeing:

bypasss1.pngbypass2.png

0 Kudos
Sorin_Gogean
Advisor

So you can see that the cert that is presented is not trusted , therefore where is the CheckPoint HTTPS Inspection culprit ?!?!?!

As for the WebEx.com, it might do some redirects and will get to the 64.68.121.205 (that is webex.com.ro.webex.com.ro ) , you should run some HTTP network traces ( in Chrome do an F12 and choose Network Tab [mark Preserve Log] and you should see the 3xx redirects if there are any) .

 

Still I'm not getting your question, you state that you have HTTPS Inspection on the GW and on webex.com you get some browser SSL errors/alerts - where is CheckPoint part involved in all this ?

You have a bypass rule that it happens - is clearly showed/logged - and if the HTTPS would Inspect, you should see your internal Certificate generated on-the-fly from the GW .

So I didn't catch your CKP problem except the HSTS error - and that is not tight to CKP in my opinion.

 

Thank you,

0 Kudos
Tobi
Participant
Participant

Were you able to solve the issue? I'm having the same problem.

0 Kudos
_Val_
Admin
Admin

Not a good rule. Use a Webex Updatable object instead, please

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events