Monitoring HTTPS Inspection with HSM in CLI
Run the "cpstat https_inspection" command on the Security Gateway / Cluster Member / Scalable Platform Security Group to see the HTTPS Inspection status and the status of connection to the HSM Server.
Syntax
- On the Security Gateway / each Cluster Member, run:

  ```
  cpstat -h
  cpstat https_inspection -f {default | hsm_status | all}
  ```

- On the Scalable Platform Security Group, run:

  ```
  cpstat -h
  g_all cpstat https_inspection -f {default | hsm_status | all}
  ```
For more information about this command, see the R81 CLI Reference Guide > Chapter Security Gateway Commands > Section cpstat.
```
[Expert@GW:0]# cpstat https_inspection -f default

HTTPS inspection status (On/Off): On
HTTPS inspection status description: HTTPS Inspection is on

[Expert@GW:0]#
```

```
[Expert@GW:0]# cpstat https_inspection -f hsm_status

HSM enabled (Enabled/Disabled): Enabled
HSM enabled description: HSM is enabled for HTTPS inspection with Gemalto HSM
HSM partition access (Accessible/Not Accessible): Accessible
HSM partition access description: Gateway can access to HSM partition for HTTPS inspection
Outbound status (HSM on/HSM off/HSM error): HSM on
Outbound status description: Outbound HTTPS inspection works with HSM

[Expert@GW:0]#
```

```
[Expert@GW:0]# cpstat https_inspection -f all

HTTPS inspection status (On/Off): On
HTTPS inspection status description: HTTPS Inspection is on
HSM enabled (Enabled/Disabled): Enabled
HSM enabled description: HSM is enabled for HTTPS inspection with Gemalto HSM
HSM partition access (Accessible/Not Accessible): Accessible
HSM partition access description: Gateway can access to HSM partition for HTTPS inspection
Outbound status (HSM on/HSM off/HSM error): HSM on
Outbound status description: Outbound HTTPS inspection works with HSM

[Expert@GW:0]#
```
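An added example, not part of the Check Point documentation: a POSIX shell health check that reads the `-f all` output shown above on stdin and flags any HSM state other than Enabled / Accessible / HSM on. The field labels and values are taken from the sample output; the function names, messages and exit codes are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point code): health check for the text printed by
# "cpstat https_inspection -f all". Field labels and values come from the sample
# output on this page; function names, messages and exit codes are assumptions.

# field REPORT LABEL: print the value of the line that begins with "LABEL:".
field() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            print v; exit
        }'
}

# Reads the report on stdin. Returns 0 = healthy, 1 = warning, 2 = critical.
check_https_hsm() {
    report=$(cat)
    rc=0
    inspect=$(field "$report" "HTTPS inspection status (On/Off)")
    enabled=$(field "$report" "HSM enabled (Enabled/Disabled)")
    access=$(field "$report" "HSM partition access (Accessible/Not Accessible)")
    outbound=$(field "$report" "Outbound status (HSM on/HSM off/HSM error)")

    [ "$inspect" = "On" ] || { echo "WARN https_inspection=${inspect:-missing}"; rc=1; }
    if [ "$enabled" = "Enabled" ]; then
        # HSM is configured, so partition access and outbound state must both be good.
        [ "$access" = "Accessible" ] || { echo "CRIT hsm_partition=${access:-missing}"; rc=2; }
        [ "$outbound" = "HSM on" ] || { echo "CRIT outbound=${outbound:-missing}"; rc=2; }
    else
        echo "WARN hsm_enabled=${enabled:-missing}"
        [ "$rc" -gt 1 ] || rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK inspection=On hsm=Enabled partition=Accessible outbound=HSM-on"
    return "$rc"
}

# Constructed sample: the "-f all" output shown above, prompt lines removed.
SAMPLE='HTTPS inspection status (On/Off): On
HTTPS inspection status description: HTTPS Inspection is on
HSM enabled (Enabled/Disabled): Enabled
HSM enabled description: HSM is enabled for HTTPS inspection with Gemalto HSM
HSM partition access (Accessible/Not Accessible): Accessible
HSM partition access description: Gateway can access to HSM partition for HTTPS inspection
Outbound status (HSM on/HSM off/HSM error): HSM on
Outbound status description: Outbound HTTPS inspection works with HSM'
printf '%s\n' "$SAMPLE" | check_https_hsm   # on a gateway: cpstat https_inspection -f all | check_https_hsm
```

A missing field is reported as `missing` and treated like a bad value, so a change in the output format raises an alert instead of passing silently.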
| Item | Possible returned strings | Explanation |
|---|---|---|
| | | HTTPS Inspection feature is configured on the Security Gateway / Cluster Member / Security Group. |
| | | HTTPS Inspection feature is not configured on the Security Gateway / Cluster Member / Security Group. |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | HTTPS Inspection feature is configured on the Security Gateway / Cluster Member / Security Group. |
| | | HTTPS Inspection feature is not configured on the Security Gateway / Cluster Member / Security Group. |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | The value of the :enabled() attribute is set to "yes" in the |
| | | One of these: |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | |
| | | One of these: |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | Security Gateway / Cluster Member / Security Group failed to check the access to its partition on the HSM Server. |
| | | Security Gateway / Cluster Member / Security Group accessed its partition on the HSM Server. |
| | | Security Gateway / Cluster Member / Security Group failed to access its partition on the HSM Server because of an error. |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | Security Gateway / Cluster Member / Security Group failed to check the access to its partition on the HSM Server. Most probably, because HSM configuration is disabled on the Security Gateway / Cluster Member / Security Group. |
| | | Security Gateway / Cluster Member / Security Group accessed its partition on the HSM Server. |
| | | Security Gateway / Cluster Member / Security Group failed to access its partition on the HSM Server because of an error.<br>All these conditions were met:<br>Possible error messages are: |

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | When the HTTPS Inspection daemon wstlsd starts, it is necessary to wait for one minute or less, until you can get the actual status. |
| | | All these conditions were met: |
| | | One of these: |
| | | All these conditions were met: |

Note - The conditions for the returned strings are calculated on the Security Gateway / Cluster Member / Security Group during the start of the HTTPS Inspection daemon

| Item | Possible returned strings | Explanation |
|---|---|---|
| | | When the HTTPS Inspection daemon wstlsd starts, it is necessary to wait for one minute or less, until you can get the actual status. |
| | | All these conditions were met: |
| | | The value of the :enabled() attribute is set to "no" in the |
| | | All these conditions were met:<br>Possible error messages are: |

Note - The conditions for the returned strings are calculated on the Security Gateway / Cluster Member / Security Group during the start of the HTTPS Inspection daemon