This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Netadmin2020
Contributor
‎2022-03-24 09:58 PM

Issue on matching rules after upgrading to 81.10

Hello guys,

after upgrading our gateways and secure management server to 81.10, there is suddenly a matching issue. I am attaching images.

Rules we working appropriate before the update. What are you proposing in this case? (images attached)

photo1.PNG

photo2.PNG

 

and in some cases I am seeing these:

 

photo3.PNG

photo4.PNG

 

 

 

  

0 Kudos
6 Replies
Netadmin2020
Contributor
‎2022-03-24 03:21 PM

after going to 81.10, I am experiencing a new issue. Suddenly the is a matching issue on many destinations.Images attached.

Rules were working appropriate on 80.40...

 

Preview file
34 KB
Preview file
11 KB
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-03-25 01:15 AM

I would suggest to contact TAC !

CCSE CCTE SMB Specialist
PhoneBoy
Admin
Admin
‎2022-03-25 06:03 AM

Those drops are probably: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
The ones with HTTPS Inspection are probably related to the SNI probing we do to validate SNI (which can be spoofed).

0 Kudos
Naama_Specktor
Employee
Employee
‎2022-03-27 12:24 AM

Hi @Netadmin2020 

M name is  Naama Specktor and I am checkpoint employee ,

 

If you opened a TAC SR , I will appreciate it if you will share the number .

 

thanks,

 

Naama 

0 Kudos
Netadmin2020
Contributor
‎2022-03-27 12:53 AM
In response to Naama_Specktor

I have already inform our partner for the current issue. I am little bit confused about https inspection and sni.Which is the best practice?

I am on 81.10, your proposal is to apply https bypass to everything and leave the sni to do the job?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-28 04:51 PM
In response to Netadmin2020

HTTPS Inspection is needed to do full threat prevention and content inspection on encrypted traffic.

SNI is used to identify domains you are accessing without decrypting the connection.
It can also be used to determine whether or not a connection requires full HTTPS Inspection (i.e. as part of a bypass rule).

0 Kudos