Thursday, December 22, 2011

Some aspects of HHTPS inspection

There is a nice review of different SSL inspection aspects and (potentially) issues made my Kishin Fatnani over here.

Take a look, it is quite interesting.

Found through LinkedIn

2 comments:

  1. Hi Valeri,
    I have a problem with blocking in example youtube and facebook. Which are blocked when sessions are http (the blocked page shows up), and are not blocked at all when the sessions are https (the blocked page do not shows up). Example of logs from https inspection below.

    Info:
    - R75.20 virtualized in ESX (management installed saparately from security gateway)
    - Https Inspection enabled
    - Web site categorization mode is on HOLD
    - I have installed the certificate generated by the Security Gateway manually on user pc (installed in the Trusted Root Certification Authorities ).

    Number: 7221901
    Date: 2Oct2014
    Time: 15:18:15
    Interface: eth0
    Origin: CHECKPOINT-FW
    Type: Log
    Action: Detect
    Service: https (443)
    Source Port: 61127
    Source: Win7-10.240.0.13 (10.240.0.13)
    Destination: mil01s19-in-f9.1e100.net (173.194.116.9)
    Protocol: tcp
    Product: HTTPS Inspection
    Resource: google.com
    HTTPS Validation: Client has not installed CA certificate
    Policy Info: Policy Name: Standard
    Created at: Thu Oct 02 12:10:33 2014
    Installed from: CHECKPOINT-MGMT

    Could you please advise on this?

    Regards,
    Ardit

    ReplyDelete