AnsweredAssumed Answered

https inspection is not working

Question asked by abihsot . on Nov 26, 2018
Latest reply on Nov 26, 2018 by Evgeniy Olkov

Hi Guys,

 

I have a strange problem with https inspection. Something I am missing here and run out of options.

 

R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.

 

cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1

 

https inspection policy:

my computer -> internal networks;      any category; action: bypass

my computer -> internet;                     specific URLs; action bypass

my computer -> internet;                     any category; action: inspect

 

First problem - there are no inspect logs. Only bypass for first https inspection rule.

Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -> internet; action allow.

 

wstlsd.elg file contains only:

[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully

 

Any ideas?

Outcomes