This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Carlos_Machado1
Participant
‎2018-10-11 04:00 PM

Unable to access a bank's site even though it's allowed by a rule

Hi, community!

I'm having troubles accessing banks and finance sites even though they are allowed by the proper rule. The Finance category is allowed as part of a group of categories called "level 2 categories":

But when I go to a banking site, such as grupobancolombia.com the connection is blocked. According to our logs, the firewall is blocking some sites associated to the bank's site, but it's not showing me any categories associated to them:

If I allow everything through the rule, all sites open correctly.

Any thoughts?

I'm running R80.10.

Thanks.

0 Kudos
4 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2018-10-11 11:20 PM

It seems that Website is SSL(HTTPS) and SSL(HTTPS) inspection not enabled

0 Kudos
Carlos_Machado1
Participant
‎2018-10-13 10:38 AM

But shouldn't URL categorization work even without SSL Inspection activated if I choose to "categorize HTTPS sites"?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-14 05:12 AM
In response to Carlos_Machado1

The categorization in this case will depend on what the DN of the TLS certificate is, which may be different than the URL typed in the browser.

0 Kudos
Hugo_vd_Kooij
Advisor
‎2018-10-15 03:37 AM
In response to PhoneBoy

The Subject of a certificate can be anything if you have match on the Subject Alternative Names as those are preferred over the Subject of the certificate.

At this moment I think that without SSL intercept you may run into problems.

There is still a lot of debate about all of this. Chrome seesm to ignore the subject and only relies on Subject Alternative Name.

By now that term seems to be misleading as it seems to be more of a Subject Name List.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events