CheckMates Fest 2025!
Join the Biggest Event of the Year!
Simplifying Zero Trust Security
with Infinity Identity!
Zero Trust Implementation
Help us with the Short-Term Roadmap
CheckMates Go:
Recently on CheckMates
Here is the note I made:
How to get updates working when there is an upstream Proxy doing Deep SSL Inspection:
You will need to export the CA file from the upstream device and then add this to the ca-bundle.crt file in two locations on the Checkpoint Manager (assuming that this is where the issue is).
$CPDIR/conf/ca-bundle.crt <-- This is so that Application level updates can work.
$FWDIR/bin/ca-bundle.crt <-- This is so that GAIA level updates work.
Note this has been tested from a R80.40 SMS. However important to note that the file could change as part of upgrade or jumbo installation.
Additionally the above solution is not supported by TAC.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
