https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108097#M14538 <P>Hello,</P><P>Is there any document I can follow to understand how IPS works without HTTPS inspection enabled?</P> Mon, 18 Jan 2021 13:24:14 GMT mariuszchlebow 2021-01-18T13:24:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108097#M14538 <P>Hello,</P><P>Is there any document I can follow to understand how IPS works without HTTPS inspection enabled?</P> Mon, 18 Jan 2021 13:24:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108097#M14538 mariuszchlebow 2021-01-18T13:24:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108120#M14549 <P>Hi Marius,</P><P>Maybe you can clarify the question...when it comes to IPS, I dont believe functionality changes regardless if https inspection is used or not. Really, say if you dont use inspection, then gateway wont be aware of the content that is going through the ssl encrypted tunnel, thats all.</P><P>&nbsp;</P><P>Andy</P> Mon, 18 Jan 2021 19:38:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108120#M14549 the_rock 2021-01-18T19:38:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108130#M14554 <P>Hi Marius,</P><P>Threat Prevention blades will scan whatever it can see. Without HTTPS inspection, it will be minimal these days.</P><P>Traffic that is subject to scanning via the Threat Prevention blades will traverse the PXL (medium) path eventually.</P><P>&nbsp;</P><P>Please use this info for your future studies, or drop a line below for anything else <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> Mon, 18 Jan 2021 23:26:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108130#M14554 JackPrendergast 2021-01-18T23:26:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108134#M14555 <P>I would not agree totally that it would be minimal...it will scan based on whats enabled : )</P> Tue, 19 Jan 2021 00:45:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108134#M14555 the_rock 2021-01-19T00:45:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108138#M14557 <P>Hi Jack,</P><P>Thank you. Can we say that all what's encrypted will not be matched by application vulnerabilities signatures? CP IPS is only aware of unencrypted application layer and network layer 3/4 behaviour, right?</P> Tue, 19 Jan 2021 07:46:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108138#M14557 mariuszchlebow 2021-01-19T07:46:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108166#M14575 <P>correct</P> Tue, 19 Jan 2021 14:13:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-without-HTTS-inspection/m-p/108166#M14575 MartinTzvetanov 2021-01-19T14:13:47Z