- Quantum (Secure the Network)
- IoT Protect
- Maestro
- Management
- OpenTelemetry/Skyline
- Remote Access VPN
- SD-WAN
- Security Gateways
- SmartMove
- Smart-1 Cloud
- SMB Gateways (Spark)
- Threat Prevention
- CNAPP
- Cloud Network Security
- CloudGuard - WAF
- CloudMates General
- Talking Cloud Podcast
- Browse
- Connect
- Email and Collaboration
- Endpoint
- Mobile
- SASE
- SaaS
- Events
- NDR
- Playblocks
- SOC
- XDR/XPR
- Ansible
- API / CLI Discussion
- DevSecOps
- CheckFlix
- CheckMates Go Cyber Security Podcast
- Check Point for Beginners
- Check Point Trivia
- Incident Response
- LGPD
- ReelTalk
- Tip Of The Week
- Training and Certification
- ATC Trainers
- CCSM
- CheckMates Labs
- TechTalks
- CCSM Elite
- Upcoming Events
- Americas
- Brazil
- Canada
- The Caribbean
- Central US
- Eastern US
- Latin America
- Mid-Atlantic US
- Pacific Northwest
- Southeast US
- US Federal
- Western US
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Eastern Africa
- Israel
- Nordics
- Middle East and Africa
- Balkans
- Italy
- Korea
- Mongolia
- Bangalore
- Greater China
- Australia/New Zealand
- Philippines
- Japan
- Singapore
- India
- Thailand
- Taiwan
- Hong Kong
- Indonesia
- Welcome Partners!
- Non-English Discussions
- Español
- Français
- Português
- Russian
- Chinese 中文
- Japanese 日本語
- Exclusive Content
- CPX 2024 Content
- R8x Training Videos
- Recent Messages
- Recent Threads
- How-To Video Contest
- CheckMates Everywhere 5th Birthday
- Paradigm Shifts: Adventures Unleashed
- Toolbox Contest 2024
- Careers at Check Point
- The CheckMates Blog
- Threat Intelligence Reports
- About CheckMates & FAQ
- Community Guidelines
Keep Your Networking Peers Happy
With Secure SD-WANInfinity Events Improvements
Help us with the Short-Term RoadmapSecure the GenAI Revolution!
The All-New GenAI Security from Check PointCheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!CheckMates Go:
Harmony Endpoint -- What's New and DeploymentAuto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for Search instead for Did you mean:- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for Search instead for Did you mean:Are you a member of CheckMates?
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
2024-08-01 07:02 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running into an issue where I need to bypass HTTPS inspection (R81.10 JHF 150); however, this is the URL:
https://eka-prod-xxx.s3-eu-west-1.amazonaws.com - xxx is the wildcard. Is there a good way to handle this?
The full URL in this case ended up being:
- All forum topics
- Previous Topic
- Next Topic
Accepted Solutions
the_rock
2024-08-01 08:50 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Easy peasy. just add *eka-prod* as wild card, thats what I did, no issues.
the_rock
2024-08-01 07:23 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tested in the lab and worked fine, added to bypass rule like below.
2024-08-01 08:41 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/ isn't the actual URL it is using though, XXX is a placeholder for numerous other names.
I could add the highlighted URL to resolve the issue, but that section is dynamic and will be something else later. That's why I need to be able to do some sort of wildcard for the XXX portion of https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/.
the_rock
2024-08-01 08:50 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Easy peasy. just add *eka-prod* as wild card, thats what I did, no issues.
2024-08-01 09:12 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah, perfect, thanks! I forgot about the * wildcard option within custom Application/Site.
the_rock
2024-08-01 09:14 AM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All good. we are here to help
PhoneBoy
2024-08-16 12:42 PM- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For run (and research purposes), I asked AI Copilot this question.
Here's a more verbose answer:To handle bypassing HTTPS inspection for URLs with wildcards, such as the one you provided, you can use the following approach:
Solution: Bypass HTTPS Inspection Using Wildcards
- Create a Custom Application/Site Object:
- Open SmartConsole.
- Go to Security Policies .
- Click on Application/Site under Shared Objects .
- Click New > Application/Site .
- Name the object (e.g., AmazonS3Wildcard ).
- In the URL field, enter the wildcard URL: *.s3.eu-west-1.amazonaws.com .
- Click OK to save the object.
- Create an HTTPS Inspection Bypass Rule:
- In SmartConsole, go to Security Policies .
- Click on HTTPS Inspection > Policy .
- Add a new rule at the top of the policy:
- Name : Bypass Amazon S3
- Source : Any (or specify the relevant source if needed)
- Destination : Add the AmazonS3Wildcard object created earlier.
- Services : HTTPS (or specify the relevant HTTPS services)
- Action : Bypass
- Click OK to save the rule.
- Install the Policy:
- Install the Access Control policy to apply the changes.
Example Rule Configuration
Source Destination Services Action Any AmazonS3Wildcard HTTPS Bypass Important Notes:
- Wildcard Handling : Ensure that the wildcard pattern correctly matches the URLs you intend to bypass.
- Policy Order : Place the bypass rule at the top of the HTTPS Inspection policy to ensure it is matched before other rules.
- Testing : After applying the policy, test accessing the URL to confirm that the bypass is working as expected.
By following these steps, you should be able to bypass HTTPS inspection for URLs with wildcards effectively. If you encounter any issues, please refer to the relevant Check Point documentation or contact Check Point support for further assistance.
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.
Learn more:- sk112066 - How to troubleshoot an HTTPS Inspection issue
- sk122158 - Bypass by URL in HTTPS Inspection does not work when the site certificate is invalid
- sk178386 - Users cannot submit data to ELSTER (German tax authority) when HTTPS Inspection is enable.
