topic Re: Bypassing Domain or IP from CheckPoint Firewall in Endpoint

Bypassing Domain or IP from CheckPoint Firewall

bdidonato — Wed, 08 Sep 2021 15:23:43 GMT

Hello All,

CheckPoint Firewall is holding onto the network packet a too long and causing slowness issues with another 3rd party cloud proxy service that has a client installed on the system as well. The slowness 'goes away' with the 3rd party client disabled or when we disable the CheckPoint Firewall. Worked with support some time ago on this and with traces they can see the holding onto the packets. I'm wondering if there is a way to bypass a Domain or IP address from being inspected by the CheckPoint Firewall. Would appreciate your response. Thank you!

Re: Bypassing Domain or IP from CheckPoint Firewall

PhoneBoy — Wed, 08 Sep 2021 23:28:19 GMT

You really haven't given us a lot to go on.
Let's start with version/JHF and the output of enabled_blades on the gateway.
That said, I suspect the simplest way to eliminate most inspection on the relevant flow would be something like: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156672

Note you would still need a rule in your Access Policy to permit the relevant traffic.

Re: Bypassing Domain or IP from CheckPoint Firewall

the_rock — Thu, 09 Sep 2021 00:28:54 GMT

Agree with @PhoneBoy , thats a good sk for what you are trying to do. You can also check below one I pasted, but its more for exempting connections from securexl, so worth checking as well.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104468

Re: Bypassing Domain or IP from CheckPoint Firewall

bdidonato — Thu, 09 Sep 2021 14:23:58 GMT

Thank you for your reply. We are running Harmony EndPoint (formerly EPMaaS), which is a managed service. It is running R81. This is the host-based firewall component with Endpoint Security (SandBlast). Is Secure Xl able to be configured on that system?

Re: Bypassing Domain or IP from CheckPoint Firewall

PhoneBoy — Thu, 09 Sep 2021 21:10:00 GMT

I realize you posted this in the Endpoint group but mentioning that in the description along with the version of client in question would have been a good clarification.

In any case, the Endpoint firewall is a totally different animal.
If it’s a latency issue, I recommend re-engaging with the TAC as I don’t believe we have a “fastaccel” option on the Endpoint firewall, nor some way to completely bypass inspection.