topic HTTPS Inspection on LAN in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-on-LAN/m-p/135936#M20526 <P>Hi Community,</P><P>&nbsp;</P><P>We have a couple of 5200 Security Gateways, working in ClusterXL mode (Active/passive).</P><P>These are used in our internal LAN, to enforce access control policies. Software blades activated are Application Control, Identity Awareness, and Threat Prevention (IPS).</P><P>Policies validates that users (acccess role, Lan segment, hosts), ... can access various services like servers, applications, printing system, VoIP... on different vlans...</P><P>I wonder if it makes sense to activate HTTPS inspection (and also URL filtering and Content Awareness).</P><P>Can it be benefic to limit risks on our internal network ?</P><P>Note that Internet access is filtred/decrypted by our perimetric FW.</P><P>Thanks for your advices,</P> Thu, 09 Dec 2021 15:45:15 GMT GUEYDON_Olivier 2021-12-09T15:45:15Z HTTPS Inspection on LAN https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-on-LAN/m-p/135936#M20526 <P>Hi Community,</P><P>&nbsp;</P><P>We have a couple of 5200 Security Gateways, working in ClusterXL mode (Active/passive).</P><P>These are used in our internal LAN, to enforce access control policies. Software blades activated are Application Control, Identity Awareness, and Threat Prevention (IPS).</P><P>Policies validates that users (acccess role, Lan segment, hosts), ... can access various services like servers, applications, printing system, VoIP... on different vlans...</P><P>I wonder if it makes sense to activate HTTPS inspection (and also URL filtering and Content Awareness).</P><P>Can it be benefic to limit risks on our internal network ?</P><P>Note that Internet access is filtred/decrypted by our perimetric FW.</P><P>Thanks for your advices,</P> Thu, 09 Dec 2021 15:45:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-on-LAN/m-p/135936#M20526 GUEYDON_Olivier 2021-12-09T15:45:15Z Re: HTTPS Inspection on LAN https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-on-LAN/m-p/136112#M20563 <P>URL Filtering only makes sense for Internet-based traffic.<BR />Content Awareness...depends on your use case.<BR />Likewise, with HTTPS Inspection...depends precisely on what you're hoping to see that you're not seeing.&nbsp;</P> Sun, 12 Dec 2021 23:51:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-on-LAN/m-p/136112#M20563 PhoneBoy 2021-12-12T23:51:30Z