https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105245#M9992 <P>Not "peer" confirmation but one thing you can expect to see in the newer versions is the gateway doing certificate checks as part of SNI verification.<BR />That’s one of the ways you can confirm it’s working <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Sat, 12 Dec 2020 17:59:41 GMT PhoneBoy 2020-12-12T17:59:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105154#M9989 <P>I just wanted to hear from those who are using advanced blades like application control or IPS or Antibot without HTTPS interception. Are you happy with results and performance impact? I'm referring to R80.40 release only and above.</P> <P>We tried it back in a day with R80.10 and results were quite poor but first attempts with R80.40 seem a bit better.</P> <P>I will emphasize again - no TLS interception! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Aka "HTTPS lite"</P> Fri, 11 Dec 2020 15:23:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105154#M9989 Kaspars_Zibarts 2020-12-11T15:23:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105211#M9990 <P>It will be improved for URLF/AppC largely due to the SNI support introduced from R80.20 and above.</P> Sat, 12 Dec 2020 09:35:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105211#M9990 Chris_Atkinson 2020-12-12T09:35:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105228#M9991 <P>Yeah I understand that, but instead of having just a "peper" confirmation I want to hear from real life experience <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Sat, 12 Dec 2020 11:59:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105228#M9991 Kaspars_Zibarts 2020-12-12T11:59:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105245#M9992 <P>Not "peer" confirmation but one thing you can expect to see in the newer versions is the gateway doing certificate checks as part of SNI verification.<BR />That’s one of the ways you can confirm it’s working <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Sat, 12 Dec 2020 17:59:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-without-HTTPS-interception-in-R80-40/m-p/105245#M9992 PhoneBoy 2020-12-12T17:59:41Z