This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AaronCP
Collaborator
‎2021-12-13 10:08 AM

HTTPS Inspection bypass issue

Good evening,

 

I'm assisting a colleague with the set up of Remote Help (an app that works with InTune). When I install the client on my personal device from home (we use a split-tunnelling VPN that is configured to send Microsoft traffic via the users' local LAN), I can connect the client to Microsoft without any issues. When I attempt to do the same on a test host on-prem, the client fails to connect.

 

I have configured a test rule in the Access Control policy to allow access from this host to all of the relevant Microsoft domains using domain objects. I have also added a HTTPS Inspection bypass rule at the top of the HTTPS Inspection policy for this host. I can see in the logs that the traffic is hitting the correct Access Control and HTTPS Inspection bypass policies, but the client still fails to connect.

 

I have used the HTTPS Inspection bypass list (SK163595) but this hasn't helped either.

 

I am wondering if there is a way to totally bypass the HTTPS Inspection module altogether in R80.40?

 

Any advice/help on this would be much appreciated!

 

Thanks,

 

Aaron.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-12-13 01:04 PM

A bypass rule should do it provided it is correctly done.
However the issue may have nothing to do with HTTPS Inspection.
You might need to debug this issue in the application having trouble to determine what the precise issue is.

0 Kudos
AaronCP
Collaborator
‎2021-12-14 12:31 PM
In response to PhoneBoy

Hi @PhoneBoy 

 

Is there any way in R80.40 to bypass the HTTPS Inspection module entirely? I don't want any packets in the connection hitting the HTTPS Inspection blade. I know I can use bypass rules, or specific HTTPS bypass updatable objects, but I wonder if there's any way of circumnavigating the whole module?

 

Thanks,

 

Aaron.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-14 10:09 PM
In response to AaronCP

Short of disabling it entirely? Not that I'm aware of.

0 Kudos
Timothy_Hall
Champion
Champion
‎2021-12-15 05:01 AM
In response to AaronCP

You could try matching the problematic traffic using fast_accel, this would fastpath the traffic through SecureXL which performs minimal inspection and cannot do HTTPS Inspection.  sk156672: SecureXL Fast Accelerator (fw fast_accel) for R80.20 and above

However I concur with Phoneboy that you'll probably need to gain more understanding about what is going wrong with the application, probably with some packet captures.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos