Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Netadmin2020
Contributor

Issue on matching rules after upgrading to 81.10

Hello guys,

after upgrading our gateways and secure management server to 81.10, there is suddenly a matching issue. I am attaching images.

Rules we working appropriate before the update. What are you proposing in this case? (images attached)

photo1.PNG

photo2.PNG

 

and in some cases I am seeing these:

 

photo3.PNG

photo4.PNG

 

 

 

  

0 Kudos
6 Replies
Netadmin2020
Contributor

after going to 81.10, I am experiencing a new issue. Suddenly the is a matching issue on many destinations.Images attached.

Rules were working appropriate on 80.40...

 

0 Kudos
G_W_Albrecht
Legend
Legend

I would suggest to contact TAC !

CCSE CCTE SMB Specialist
PhoneBoy
Admin
Admin

Those drops are probably: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
The ones with HTTPS Inspection are probably related to the SNI probing we do to validate SNI (which can be spoofed).

0 Kudos
Naama_Specktor
Employee
Employee

Hi @Netadmin2020 

M name is  Naama Specktor and I am checkpoint employee ,

 

If you opened a TAC SR , I will appreciate it if you will share the number .

 

thanks,

 

Naama 

0 Kudos
Netadmin2020
Contributor

I have already inform our partner for the current issue. I am little bit confused about https inspection and sni.Which is the best practice?

I am on 81.10, your proposal is to apply https bypass to everything and leave the sni to do the job?

 

0 Kudos
PhoneBoy
Admin
Admin

HTTPS Inspection is needed to do full threat prevention and content inspection on encrypted traffic.

SNI is used to identify domains you are accessing without decrypting the connection.
It can also be used to determine whether or not a connection requires full HTTPS Inspection (i.e. as part of a bypass rule).

0 Kudos