HTTPS traffic is inspected when it is configured to be bypassed

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Symptoms

HTTPS Inspection is configured to "Bypass" traffic, but eventually the traffic is inspected, while Probe Bypass is disabled (enhanced_ssl_inspection=0)
Running WSTLSD debug (sk105559) during the issue results in the following messages in $FWDIR/log/wstlsd.elg:

The reply is too old Not expecting other replies for this level (1). Validation failed OCSP response time obsolete. Response considered unreliable. . . The OCSP reply shows: isReplyTimeRecent: nextUpdate (0) or thisUpdate (1546409382) not present, assuming information is always available

Cause

Parsing error occurred on the OCSP reply "nextUpdate" field causes a OCSP (CRL) validation failure.

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE