Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

PRODUCTS / SOLUTIONS
SOLUTIONS FOR...

Cloud

Data Center

Midsize & Enterprise

Less than 100 Employees

Home Office/Consumer
PRODUCT ARCHITECTURE

Check Point Infinity
PRODUCTS

NEXT GENERATION THREAT PREVENTION

SandBlast Zero-Day Protection

Threat Prevention Appliances & Software

Threat Intelligence

Web Security

DDOS Protection
MOBILE SECURITY

SandBlast Mobile

Check Point Capsule
ENDPOINT SECURITY
NEXT GENERATION FIREWALLS

vSEC for Public and Private Cloud

Data Center

Midsize & Enterprise

Small Business
SECURITY MANAGEMENT

Policy Management

Workflow and Orchestration

Integrated Threat Management

Smart-1 Management Appliances

See all products
INDUSTRIES

Retail / Point of Sale (POS)

Financial Services / ATM

Critical Infrastructure & ICS/SCADA

Public and Private Cloud

Government and Federal Institutions

Healthcare

Service Provider / Telco

Governance, Risk & Compliance (GRC)
ARCHITECTURE

Software Defined Protection (SDP)
SUPPORT / SERVICES
SUPPORT CENTER
SUPPORT PROGRAMS
SECURITY SERVICES
- ThreatCloud Incident Response
- ThreatCloud Managed Security Service
KNOWLEDGE AND EDUCATION
PROFESSIONAL SERVICES
- Design, Deploy, Operate and Optimize
- Lifecycle Management Services
PARTNERS
CHANNEL PARTNERS
- Become a Partner
- Find a Partner
TECHNOLOGY PARTNERS
- Technology Partners
PARTNER PORTAL
- PartnerMAP Sign In
COMPANY
COMPANY OVERVIEW
NEWS & MEDIA
EVENTS
- Events
- Webinars
CAREERS
- Search Jobs
BLOG

Support Center > Search Results > SecureKnowledge Details

Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism

Solution ID	sk107744
Product	HTTPS Inspection
Version	R77.30
OS	Gaia, SecurePlatform 2.6
Platform / Model	All
Date Created	2015-10-30 13:35:53.0
Last Modified	2019-03-12 01:30:19.0

Symptoms

"Page not found" error in web browser when trying to connect to some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" per sk104717 (enhanced_ssl_inspection=1).
Kernel debug ('fw ctl debug -m fw + drop') shows that HTTPS connection to the HTTPS site is dropped:
;fw_log_drop_ex: Packet proto=6 Client_IP_Address:Port -> Server_IP_Address:443 dropped by fwhold_expires Reason: held chain expired;

Cause

The involved HTTPS sites are configured to use TLS v1.1
The HTTPS Inspection is configured to use at least TLS v1.2

Solution

Note: To view this solution you need to Sign In .

©1994-2019 Check Point Software Technologies Ltd. All rights reserved.
Copyright | Privacy Policy