https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6065#M14042 <HTML><HEAD></HEAD><BODY><P>Hi Norbert,</P><P></P><P>I wish to implement the sandblast appliance to intercept https traffic for Sandboxing. I would like to deploy the Sandblast appliance after proxy towards internet and using fail open card.</P><P></P><P></P><P>Regards,</P><P>Biju Nair</P><P></P><P>Sent from my iPhone</P></BODY></HTML> Thu, 07 Sep 2017 19:28:51 GMT Biju_Nair 2017-09-07T19:28:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6062#M14039 <HTML><HEAD></HEAD><BODY><P>Hi, In a scenario with 3rd party web proxy(bluecoat) in place, how would the https traffic be handled by sandblast appliance. Considering bluecoat itself is doing https inspection first.</P></BODY></HTML> Thu, 07 Sep 2017 14:13:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6062#M14039 Biju_Nair 2017-09-07T14:13:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6063#M14040 <HTML><HEAD></HEAD><BODY><P>There is not much information, how you want (or have) implemented the Sandblast appliance.</P><P></P><P>So just to keep it general:</P><P>If you want the https traffic to be inspected there has to be ssl-inspection active. Detail configuration for that depends on the implementation (sandblast before proxy or after).</P><P>Other way would be to use ICAP-client on proxy to speak with ICAP-server on Sandblast appliance.</P></BODY></HTML> Thu, 07 Sep 2017 14:40:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6063#M14040 Norbert_Bohusch 2017-09-07T14:40:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6064#M14041 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Have a look at&nbsp;<SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">sk111306 and install JHF 284 or newer which includes the ICAP server feature.</SPAN></P><P></P><P><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">HTH,</SPAN></P><P><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">Christian</SPAN></P></BODY></HTML> Thu, 07 Sep 2017 15:27:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6064#M14041 Christian_Sandb 2017-09-07T15:27:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6065#M14042 <HTML><HEAD></HEAD><BODY><P>Hi Norbert,</P><P></P><P>I wish to implement the sandblast appliance to intercept https traffic for Sandboxing. I would like to deploy the Sandblast appliance after proxy towards internet and using fail open card.</P><P></P><P></P><P>Regards,</P><P>Biju Nair</P><P></P><P>Sent from my iPhone</P></BODY></HTML> Thu, 07 Sep 2017 19:28:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6065#M14042 Biju_Nair 2017-09-07T19:28:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6066#M14043 <HTML><HEAD></HEAD><BODY><P>Hmmm. So you want two devices to break open SSL traffic independently?</P><P>This is the sort of stuff I would advise if you want nightmares.</P><P>It will be slow to the users and the likely hood you will get into negotiate trouble is big.</P></BODY></HTML> Fri, 08 Sep 2017 07:27:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6066#M14043 Hugo_vd_Kooij 2017-09-08T07:27:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6067#M14044 <HTML><HEAD></HEAD><BODY><P>I can only say that Hugo is right here and ICAP is the much better way to move forward!</P></BODY></HTML> Fri, 08 Sep 2017 07:43:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6067#M14044 Norbert_Bohusch 2017-09-08T07:43:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6068#M14045 <HTML><HEAD></HEAD><BODY><P>Thanks Hugo.</P><P></P><P>Hi Norbert,</P><P></P><P>If we plan for ICAP then the proxy will act as a ICAP client and will send the traffic to sandblast(ICAP server).</P><P></P><P>But how would the https traffic work in ICAP scenario. Will proxy send the decrypted packet to sandblast and wait for verdict from sandblast by holding the connection.</P><P></P><P></P><P>Regards,</P><P>Biju Nair</P><P></P><P>Sent from my iPhone</P></BODY></HTML> Fri, 08 Sep 2017 09:53:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6068#M14045 Biju_Nair 2017-09-08T09:53:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6069#M14046 <HTML><HEAD></HEAD><BODY><P>That's the basic idea.</P></BODY></HTML> Fri, 08 Sep 2017 21:16:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6069#M14046 PhoneBoy 2017-09-08T21:16:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6070#M14047 <HTML><HEAD></HEAD><BODY><P>In addition this helps getting you started on the BC side:</P><P><A class="link-titled" href="https://support.symantec.com/en_US/article.DOC9825.html" title="https://support.symantec.com/en_US/article.DOC9825.html">ProxySG ICAP Integration</A>&nbsp;</P><P><BR />Regards Thomas</P></BODY></HTML> Thu, 14 Sep 2017 07:20:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sandboxing-http-https-traffics-with-web-proxy-bluecoat-in-place/m-p/6070#M14047 Thomas_Werner 2017-09-14T07:20:05Z