- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi,
Did someone manage to configure SSL Inspection bypass for Signal app on R80.30 based on custom application?
I have ssl enhanced inspection enabled, 1 rule with custom application (textsecure-service.whispersystems.org) with action bypass, and second rule to inspect everything. Signal traffic always hits second rule.
In logs I can find:
First SSL Inspection log: textsecure-service.whispersystems.org Detected
Second SSL Inpsection log: Matched Category: Uncategorized, HTTPS Inspected
So it looks that aplication (url) is detected properly but NGFW still want's to inspect it.
Best Regads,
Maciej
Regarding to this Signal support article you will need to bypass wildcard URLs, https and UDP.
Allowing all UDP Traffic will make your firewall vulnerable to the UDP hole punching attack.
This works fine with other URL's on our FW's.
Is your https inspection enabled? I think so.
More read here
R80.x - Performance Tuning Tip - SNI vs. https inspection
or here:
HTTPS Inspection and website categorization improvements introduced in R80.30
If that doesn't help! Please some pictures of the https settings.
Hi,
as requested adding config and logs screenshots.
Best Regards,
Maciej
Hi,
There is certificate pinning. But I don't want to inspect. Bypass should work as I see certificate cn.
Yes, bypass works for IP addresses.
According to: sk104717 in R80.30 probe bypass was introduced - enabled by default.
Bypass mechanism was improved to better reflect policy and resolve the above limitations:
Limitation.
HTTPS Inspection will not work for sites that require SNI (Server Name Indication) extension in the SSL "Client hello" packet. (Server Name Indication is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.)
There is SNI inside Client Hello, but I do not want to inpsect. I want to bypass so this limitation is irrelevant.
Best Regards
Maciej
Hi there,
I have few ideas. First of all inspection rule any any is not recommended. Please try to define source and destination.
For some reason this url is not categorized as custom app but is matched as uncategorized. In custom app (signal) settings tick the box urls are defined as regular expressions and modify url to .*textsecure-service.whispersystems.org.*.
I see that server is using self-signed certificate. Try importing it to trusted CA list. I see you have drop traffic from untrusted servers unchecked, but it is quick try so worth checking.
* Server certificate:
* subject: C=US; ST=California; O=Open Whisper Systems; OU=Open Whisper Systems; CN=textsecure-service.whispersystems.org
* start date: Feb 15 17:38:17 2019 GMT
* expire date: Mar 12 18:20:20 2029 GMT
* issuer: C=US; ST=California; L=San Francisco; O=Open Whisper Systems; OU=Open Whisper Systems; CN=TextSecure
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
Any news or solutions to that?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 23 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
Tue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityTue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY