HTTPS traffic is inspected when it is configured to be bypassed
Technical Level
Solution ID: sk132913
Product: HTTPS Inspection
Version: R77.30, R80.10, R80.20
OS: Gaia
Platform / Model: All
Date Created: 30-Jul-2018
Last Modified: 07-May-2019
Symptoms
HTTPS Inspection is configured to "Bypass" traffic, but the traffic is eventually inspected, even though Probe Bypass is disabled (enhanced_ssl_inspection=0).
Running WSTLSD debug (sk105559) during the issue results in the following messages in $FWDIR/log/wstlsd.elg:
The reply is too old
Not expecting other replies for this level (1). Validation failed
OCSP response time obsolete. Response considered unreliable.
.
.
The OCSP reply shows:
isReplyTimeRecent: nextUpdate (0) or thisUpdate (1546409382) not present, assuming information is always available
Cause
A parsing error on the "nextUpdate" field of the OCSP reply causes an OCSP (CRL) validation failure.
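To check a collected debug log for this signature, the following added example (not Check Point code) scans for the messages quoted above. The function names, the sample log and the match rule (a "nextUpdate (0)" line together with at least one staleness message) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scan a wstlsd debug log for the OCSP freshness-failure
# signature quoted in this article. Matching is by substring, so any
# prefix the debug puts in front of a message is ignored.

# write_sample_log FILE - constructed sample built from the article's messages.
write_sample_log() {
    cat > "$1" <<'EOF'
constructed unrelated debug line
The reply is too old
Not expecting other replies for this level (1). Validation failed
OCSP response time obsolete. Response considered unreliable.
isReplyTimeRecent: nextUpdate (0) or thisUpdate (1546409382) not present, assuming information is always available
EOF
}

# scan_wstlsd_ocsp FILE
# Prints one summary line; returns 0 when the signature is present, 1 otherwise.
scan_wstlsd_ocsp() {
    awk '
        /The reply is too old/        { too_old++ }
        /OCSP response time obsolete/ { obsolete++ }
        /Validation failed/           { failed++ }
        /isReplyTimeRecent:/ && /nextUpdate \(0\)/ {
            zero_next++
            # Extract N from "thisUpdate (N)": 12 chars precede the digits.
            if (match($0, /thisUpdate \([0-9]+\)/))
                this_update = substr($0, RSTART + 12, RLENGTH - 13)
        }
        END {
            # Assumed rule: nextUpdate parsed as 0 plus a staleness message.
            hit = (zero_next > 0 && (too_old > 0 || obsolete > 0))
            printf "%s too_old=%d obsolete=%d failed=%d nextUpdate_zero=%d thisUpdate=%s\n",
                   (hit ? "MATCH" : "NO_MATCH"), too_old, obsolete, failed,
                   zero_next, (this_update == "" ? "-" : this_update)
            exit (hit ? 0 : 1)
        }
    ' "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
scan_wstlsd_ocsp "$sample"
rm -f "$sample"
```

On a gateway, pass $FWDIR/log/wstlsd.elg to scan_wstlsd_ocsp after collecting the WSTLSD debug (sk105559).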