This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arturxr
Explorer
‎2022-06-09 11:16 PM

Proxy error 502 (cannotconnect)

An error appears in the browser when accessing the Internet directly through a proxy to a specific URL, it says accept in the logs: Failed to load resource: the server responded with a status of 502 (cannotconnect). Tell me what could be the problem? what settings on checkpoint can be checked

0 Kudos
6 Replies
Sorin_Gogean
Advisor
‎2022-06-09 11:23 PM

The 5xx error are HTTPS related, as I know, so do you have HTTPS Inspection on that proxy ? 

Is the Proxy an CheckPoint appliance ? 

I remember that we encountered some issues, a loooong time ago, where the SSL encryption that the site was accepting did not match the ones from the CheckPoint GW, and we were doing HTTPS Inspection on the CKP GW.

(that was solved in newer versions, as it happened with R80.30 or smth)

Ty,

0 Kudos
Arturxr
Explorer
‎2022-06-09 11:30 PM
In response to Sorin_Gogean

If you look from the Internet, then CheckPoint is the very first, behind it are proxies and then APMs. 
Tell me, what https settings need to be checked?

0 Kudos
Sorin_Gogean
Advisor
‎2022-06-09 11:55 PM
In response to Arturxr

You still didn't respond to all my questions 😊

"do you have HTTPS Inspection on that proxy ?" - unanswered....

also, do you have HTTPS Inspection on the CKP GW ?

If you don't use the proxy, is the Internet access path going the same way through the CheckPoint GW, in that case you access the website properly ?!?!?!?

 

Ty,

PS: if you don't have HTTPS Inspection on CKP, then you need to look why the proxy can't negotiate with the other website....

0 Kudos
Arturxr
Explorer
‎2022-06-09 11:59 PM
In response to Sorin_Gogean

There is no https verification on the proxy, there is on the checkpoint

0 Kudos
Sorin_Gogean
Advisor
‎2022-06-10 12:32 AM
In response to Arturxr

please respond to all things we're asking, so we're not going in circles....

"If you don't use the proxy, is the Internet access path going the same way through the CheckPoint GW, in that case you access the website properly ?!?!?!? " 

 

If you check CKP Logs, do you see something on that particular traffic? 

You should be able to get some errors in the CKP Logs.....

0 Kudos
Arturxr
Explorer
‎2022-06-10 12:56 AM
In response to Sorin_Gogean

I'm trying to get information about access directly through the checkpoint, as soon as I'll let you know, in the checkpoint logs we see that traffic to the resource is allowed by ip address. I think, try to allow access by url in the rule or add this resource to bypass and check access

0 Kudos