https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71026#M13338 <P>We have enabled HTTPS inspection covering IPS, IDS, antibot and antivirus. What should be appearing first on the traffic rule in the firewall. Because I normally see https inspection then firewall then IDS. Could you kindly provide an idea on how to carefully analyze these. Which blade should be first appearing on the traffic thats my concern.</P> Sat, 21 Dec 2019 12:51:10 GMT keydee 2019-12-21T12:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71026#M13338 <P>We have enabled HTTPS inspection covering IPS, IDS, antibot and antivirus. What should be appearing first on the traffic rule in the firewall. Because I normally see https inspection then firewall then IDS. Could you kindly provide an idea on how to carefully analyze these. Which blade should be first appearing on the traffic thats my concern.</P> Sat, 21 Dec 2019 12:51:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71026#M13338 keydee 2019-12-21T12:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71038#M13339 In general you can expect Access Control logs (firewall, VPN, App Control, URL Filtering) to come up before Threat Prevention logs.<BR />HTTPS Inspection may be required before either Access Control or Threat Prevention makes sense, so these logs may appear before the others.<BR />There are circumstances where it might vary from this slightly.<BR />If you have a specific concern, a concrete example from your logs would be helpful. Sat, 21 Dec 2019 20:18:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71038#M13339 PhoneBoy 2019-12-21T20:18:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71044#M13340 <DIV id="tinyMceEditorHeikoAnkenbrand_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Policy Matchimg.JPG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3831i216FC28A7A27EA76/image-size/large?v=v2&amp;px=999" role="button" title="Policy Matchimg.JPG" alt="Policy Matchimg.JPG" /></span><BR />Picture is from <A href="https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/member-exclusives/424/2/CheckMatest_HTTPS_Inspection_Best_Practices_v3.pptx" target="_self">Slides</A> in article:&nbsp;<A href="https://community.checkpoint.com/t5/Access-Control-Products/HTTPS-Inspection-Best-Practices-TechTalk-Video-Slides-and-Q-amp/m-p/71017#M1195" target="_self">HTTPS Inspection Best Practices TechTalk: Video, Slides, and Q&amp;A</A><BR /><BR />PS: Log entries should appear in a similar order.</P> Sat, 21 Dec 2019 21:13:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-of-Traffic-Flow-HTTPS-FIREWALL-AND-IPS/m-p/71044#M13340 HeikoAnkenbrand 2019-12-21T21:13:09Z