https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187806#M34629 <P>1. R80.30 is out of support for a while now.</P> <P>2. Try the "Extended log" option for your needs.</P> Thu, 27 Jul 2023 08:12:50 GMT _Val_ 2023-07-27T08:12:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187805#M34628 <P>Hello experts.</P><P><BR />We are investigating unusual outbound traffic on one of our customers with CP Gateways R80.30 Build 215 (Take 227).<BR />We established HTTPS inspection of outbound traffic. Configured Access rules and HTTPSi policy for inspection of specific set of hosts source and destinations.</P><P>In logs we can observe usual staff for L4 like src IP, src User (from Identity Awareness), dst IP, dst FQDN (resource from HTTPi), etc.</P><P>Now we need to understand what kind of queries and HTTP requests (GET/POST) were sent in those sessions.</P><P>Dear community members,<BR />could you please tell me how to log/monitor L7 queries with Check Point (like on WAF/LB for Web Inspection)?<BR />Before asking I’ve searched for this topic on the Check Mates and didn’t find anything suitable. Is it possible after all to do it with CP Gateway?</P><P>Thank you in advance.</P> Thu, 27 Jul 2023 08:09:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187805#M34628 T-pix 2023-07-27T08:09:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187806#M34629 <P>1. R80.30 is out of support for a while now.</P> <P>2. Try the "Extended log" option for your needs.</P> Thu, 27 Jul 2023 08:12:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187806#M34629 _Val_ 2023-07-27T08:12:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187822#M34634 <P>Oh yes. Extended logging for specific Access rule does the thing. Thank you very much.</P><P>And yes, we are planning to upgrade to R81.10.</P> Thu, 27 Jul 2023 10:59:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-outbound-HTTP-requests-with-HTTPS-inspection/m-p/187822#M34634 T-pix 2023-07-27T10:59:14Z