The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism
| Solution ID |
sk107744 |
| Product |
HTTPS Inspection |
| Version |
R77.30 |
| OS |
Gaia, SecurePlatform 2.6 |
| Platform / Model |
All |
| Date Created |
30-Oct-2015
|
| Last Modified |
12-Mar-2019
|
Symptoms
"Page not found" error in web browser when trying to connect to some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" per sk104717 (enhanced_ssl_inspection=1).
Kernel debug ('fw ctl debug -m fw + drop') shows that HTTPS connection to the HTTPS site is dropped:
;fw_log_drop_ex: Packet proto=6 Client_IP_Address:Port -> Server_IP_Address:443 dropped by fwhold_expires Reason: held chain expired;
Cause
- The involved HTTPS sites are configured to use TLS v1.1
- The HTTPS Inspection is configured to use at least TLS v1.2
Solution
|
Note: To view this solution you need to
Sign In
.
|
