The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism
Technical Level
Solution ID
sk107744
Technical Level
Product
HTTPS Inspection
Version
R77.30 (EOL)
OS
Gaia, SecurePlatform 2.6
Platform / Model
All
Date Created
30-Oct-2015
Last Modified
12-Mar-2019
Symptoms
"Page not found" error in web browser when trying to connect to some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" per sk104717 (enhanced_ssl_inspection=1).
Kernel debug ('fw ctl debug -m fw + drop') shows that HTTPS connection to the HTTPS site is dropped: ;fw_log_drop_ex: Packet proto=6 Client_IP_Address:Port -> Server_IP_Address:443 dropped by fwhold_expires Reason: held chain expired;
Cause
The involved HTTPS sites are configured to use TLS v1.1
The HTTPS Inspection is configured to use at least TLS v1.2