'HTTPS Validation detected a connection attempt from client CLIENT@DOMAIN that has not installed CA certificate today' log in SmartView Tracker for first connection attempt over HTTPS to an update service
When connecting to the update server (e.g., updates.checkpoint.com) the first time, Security Gateway's kernel is not aware of the connection's domain because the connection is encrypted by HTTPS.
Therefore, Security Gateway cannot use URL Filtering to bypass the traffic with '
Bypass HTTPS Inspection of traffic to well known software update services (list is dynamically updated)' setting.
In order to get the connection's domain, Security Gateway runs HTTPS Inspection on the first attempt and saves an "IP_address-to-Domain" pair, and uses this saved domain for the future connections to the same IP address.
As a result:
- on the first attempt, SmartView Tracker shows this HTTPS Inspection log:
HTTPS Validation detected a connection attempt from client CLIENT@DOMAIN that has not installed CA certificate today at HH:mm:ss'
- on the second attempt, SmartView Tracker shows this HTTPS Inspection log:
HTTPS inspection to a known software update service was bypassed'
It is important to note that this will occur for any update service that uses HTTPS, or any update service that has multiple IP addresses per domain (e.g., Microsoft Update).