flachance
Advisor

HTTPS inspection causing timeout

Hi,

Firewall is running R80.20.

We have a web server used for clients to upload files.

HTTPS inspection is enabled and set up for incoming connections to this server.

When they try to upload large files around 350MB it times out.

If I disable HTTPS inspection it works. Are there any limitations for HTTPS inspection and large files?

Thanks

Francis

0 Kudos
1 Solution

Accepted Solutions
flachance
Advisor

Looks like the issue was with HTTP/2. TAC advised to disable it with 

  1. ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
  2. cpstop;cpstart

Although HTTP/2 is supposed to be supported, it did fix our issue.


0 Kudos
20 Replies
Lesley
Advisor

Version is too old to give any good advice.

Maybe start with an upgrade; if that's not possible, you can check: https://support.checkpoint.com/results/sk/sk150933

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
flachance
Advisor

Oops, I did it again. It's a typo. We're at R81.20

0 Kudos
the_rock
Legend

Yeah, that's a tricky problem, especially if it's inbound HTTPS inspection. I would personally open a TAC case, but they will probably ask you to debug the wstlsd process.

Andy

https://support.checkpoint.com/results/sk/sk112066

0 Kudos
PhoneBoy
Admin

It may not be HTTPS Inspection, but one of the other Software Blades.
What is enabled here?

0 Kudos
flachance
Advisor

IPSec VPN, Mobile Access, Application Control, URL filtering, Identity Awareness, Cluster XL, Monitoring, IPS, Anti-Bot, Anti-Virus.

As I get more detail about this, it's not just for very large file uploads. It's for any file upload, but it's intermittent: sometimes it works, sometimes it doesn't. Though the larger the file, the more it seems to fail.

But if I disable HTTPS inspection for incoming connections to that web server, it works every time.

0 Kudos
the_rock
Legend

I would still follow the sk I gave you, because it may help you lots before opening a TAC case, as I'm fairly sure they would ask you to run that debug.

Andy

0 Kudos
flachance
Advisor

Yes, I did that and opened a ticket. We'll see what they say.

0 Kudos
the_rock
Legend

To help you out further, if you are allowed to, I am happy to check the debug myself, as long as you are allowed to send it.

Best,

Andy

0 Kudos
flachance
Advisor

Thanks Andy, I appreciate the offer. I don't think I'm allowed so I'll wait for TAC's answer. I'll post updates when they get back to me.

0 Kudos
the_rock
Legend

Totally fair, I don't want you to be in trouble because of that. Let us know what TAC says. Hope there is a quick solution.

I am running a really good HTTPS inspection lab on R81.20, so will log in later and see if there are some settings in the legacy dashboard that could cause this. Will take some screenshots and send them over, just working on some Azure stuff now, so maybe in a couple of hours or so.

Best,

Andy

the_rock
Legend

K, just taking a break from Azure stuff, man, it's like a mammoth of things lol

Anywho, I attached what I was referring to. Would you mind letting us know how you have those configured?

Best,

Andy

0 Kudos
flachance
Advisor

HTTPSValidationSettings.JPG Capture1.JPG

0 Kudos
the_rock
Legend

Looks right to me... anyway, let's wait and see what TAC says. I'm super curious how this gets solved.

Andy

0 Kudos
PhoneBoy
Admin

What Threat Prevention profile applies to this connection?
Is it a custom profile or one of the standard ones (e.g. "Optimized")?
Or are you using Autonomous Threat Prevention?

0 Kudos
flachance
Advisor

Custom. Capture3.JPG

0 Kudos
the_rock
Legend

That has to work 100%. I have a client that implemented inbound HTTPS inspection on R81.10 and there were no issues. I would expect it to be better in R81.20.

Andy

0 Kudos
Alex-
Advisor

I would change Low Confidence from Detect to Inactive.

0 Kudos
flachance
Advisor

You know, that's not a bad idea at all. I don't recall ever having any use for Low Confidence detection.

0 Kudos
flachance
Advisor

Looks like the issue was with HTTP/2. TAC advised to disable it with 

  1. ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
  2. cpstop;cpstart

Although HTTP/2 is supposed to be supported, it did fix our issue.

0 Kudos
the_rock
Legend

That's really good to know, thanks for letting us know.

Andy

0 Kudos
