CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: HTTPS Inspection with Google Chrome Omnibox Issue

  1. #1
    Join Date
    2016-09-19
    Posts
    5
    Rep Power
    0

    HTTPS Inspection with Google Chrome Omnibox Issue

    Hello All,

    I started testing the HTTPS Inspection / Application Control Blade / URL Filtering on my egress firewall. I have about 10 users in my test group and imported the ICA certificate I created in CP to the users' Trusted Root CA. Right away I started noticing issues with Google Chrome. When a user uses the "omnibox" (URL bar) for searching in Chrome, sometimes the user gets this string as a response with a blank page: "https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8". I called CP support and my CP sales rep, and as they try to mimic my environment they have not yet been able to re-create the issue. I believe it is something tied to the HTTPS Inspection, because when I bypass the category Search Engines for the group, the issue goes away.

    I searched Google Chrome Support and saw similar issues with Chrome a couple of years back. I am stuck in the middle, thinking it's either a Chrome issue or a Check Point HTTPS Inspection issue. I have about 5,000+ other users that don't go through the HTTPS Inspection and no one has reported an issue. It's only happening to the people in the test group for HTTPS Inspection.

    I am running R77.30 GAIA on an Open Server with FW, Adv Net, IPS, Threat Prevention, AV, AB, URLF, and App Control.

    The default Google Chrome search string for the omnibox is: {google:baseURL}search?q=%s&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}

    The 2 workarounds I have for this are:
    1. Change the default Chrome search string to be: https://www.google.com/search?q=%s
    2. Bypass HTTPS Inspection on category Search Engines

    Has anyone else run into this issue?

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Re: HTTPS Inspection with Google Chrome Omnibox Issue

    In reply to post #1, originally posted by The_Dude:

    Chrome gets really honked off when trying to talk to Google-owned sites (including YouTube) and a firewall is attempting to mess with the connection, regardless of whether it is trying to insert a UserCheck notification or performing full-blown HTTPS Inspection. I see this all the time in the Secure Web Gateway (SWG) class I teach, which as a result has constantly changing lab errata. :-(

    Start your reading here:

    https://www.chromium.org/hsts (relevant to trying to insert HTTP UserChecks when HTTPS Inspection is not enabled)

    https://developers.google.com/web/up...hrome-46?hl=en (with HTTPS Inspection Chrome refuses to connect to google-owned sites)

    Later versions of Firefox are starting to get various degrees of cranky about this as well...
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    9

    Re: HTTPS Inspection with Google Chrome Omnibox Issue

    Not sure if you are having the same issue as me, but in a similar occurrence, when searching from the omnibox, Chrome uses UDP 443 / the QUIC protocol. I have heard that by default, if you block UDP 443, Chrome is supposed to fall back to TCP. My browser was very stubborn and did not want to fall back in a timely fashion. Also, Check Point does not support inspection of QUIC as of yet, from what I have read. Another thing: don't forget to review Google Cache, as it can still allow users to view potentially blocked content!
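
The QUIC behaviour described in post #3, as an added example that is not part of the original thread: a log check that sorts HTTPS Inspection test-group clients by what happened to their UDP/443 traffic (allowed and therefore, per post #3, not inspected; dropped with a TCP/443 fallback; dropped with no fallback seen). The key=value log format, the 10.1.5.0/24 test-group subnet, the addresses and the three result labels are all constructed assumptions, not Check Point's log schema.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines in a made-up key=value format (not Check Point's
# real log schema); 10.1.5.0/24 stands in for the HTTPS Inspection test group.
SAMPLE_LOG = """\
time=10:00:01 src=10.1.5.11 dst=203.0.113.10 proto=udp dport=443 action=accept
time=10:00:02 src=10.1.5.11 dst=203.0.113.10 proto=tcp dport=443 action=accept
time=10:00:03 src=10.1.5.12 dst=203.0.113.10 proto=udp dport=443 action=drop
time=10:00:09 src=10.1.5.12 dst=203.0.113.10 proto=tcp dport=443 action=accept
time=10:00:10 src=10.1.5.13 dst=203.0.113.10 proto=udp dport=443 action=drop
time=10:00:11 src=10.9.0.20 dst=203.0.113.10 proto=udp dport=443 action=accept
time=10:00:12 src=10.1.5.11 dst=198.51.100.53 proto=udp dport=53 action=accept
"""

def parse(line):
    """Turn 'k=v k=v ...' into a dict; return None for blank or malformed lines."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    needed = {"src", "dst", "proto", "dport", "action"}
    return fields if needed <= fields.keys() else None

def quic_report(log_text, inspected_net):
    """Classify each inspected client by the fate of its UDP/443 (QUIC) flows."""
    net = ipaddress.ip_network(inspected_net)
    quic_actions = defaultdict(set)   # src -> actions seen on UDP/443
    quic_dsts = defaultdict(set)      # src -> destinations tried over UDP/443
    tcp_ok = set()                    # (src, dst) pairs with accepted TCP/443
    for line in log_text.splitlines():
        f = parse(line)
        if f is None or f["dport"] != "443":
            continue
        if ipaddress.ip_address(f["src"]) not in net:
            continue                  # only the inspected test group matters
        if f["proto"] == "udp":
            quic_actions[f["src"]].add(f["action"])
            quic_dsts[f["src"]].add(f["dst"])
        elif f["proto"] == "tcp" and f["action"] == "accept":
            tcp_ok.add((f["src"], f["dst"]))
    report = {}
    for src, actions in quic_actions.items():
        if "accept" in actions:
            report[src] = "uninspected-quic"    # QUIC allowed past the gateway
        elif any((src, d) in tcp_ok for d in quic_dsts[src]):
            report[src] = "fell-back-to-tcp"    # QUIC dropped, TCP/443 followed
        else:
            report[src] = "no-fallback-seen"    # QUIC dropped, no TCP/443 yet
    return report
```

Clients reported as "no-fallback-seen" are the ones to compare against blank-page complaints like the one in post #1.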
