https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17731#M3025 <HTML><HEAD></HEAD><BODY><P>We are running R77.30 for this customer.</P><P>In Proxy environment you do not need to enable the HTTPS inspection separately as the traffic is unpacked anyway.</P><P></P><P>But in this case we really need to have this traffic in bypass-the-proxy-mode to move it into the PXL path. So we have asked the customer to adjust the proxy pac file, so we can add a small policy to allow this traffic to pass and be moved to PXL path.</P></BODY></HTML> Thu, 20 Dec 2018 08:54:30 GMT Maarten_Sjouw 2018-12-20T08:54:30Z https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17729#M3023 <HTML><HEAD></HEAD><BODY><P>Is there any way that SecureXL Medium path can be used when the GW is used as a proxy?</P><P>We have a customer that has a 15600 and they have asked us to setup a proxy for several reasons. Now they are migrating to Office365 and I see a lot of traffic hitting the FW path, some traffic hitting the medium path and none hitting the fast path.</P><P>As Proxy traffic needs to be handled by the gateway itself, I would not expect this to be able to accelerated, so my thoughts were to ask the customer to exclude the Office 365 URL's from the PAC file, so they will not use the proxy, thus allowing this traffic to be accelerated.</P><P>They also have WiFi networks that do not need to use the proxy and we see 200/600Mbps in traffic in PXL/FW paths.&nbsp;We have&nbsp;12 cores for the FW-Workers but are all at or close to 100% at the busy moments.</P></BODY></HTML> Wed, 19 Dec 2018 14:50:26 GMT https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17729#M3023 Maarten_Sjouw 2018-12-19T14:50:26Z https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17730#M3024 <HTML><HEAD></HEAD><BODY><P>In R80.10 gateway and earlier I'm pretty sure the answer is no.&nbsp; This might be handled differently in R80.20 gateway however due to the wholesale changes in SecureXL, but I doubt it.&nbsp; See:</P><P></P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92482" target="_blank">sk92482 - Performance impact from enabling HTTP/HTTPS Proxy functionality</A></P><P></P><P>Also if you are inspecting Office 365 traffic, you probably have HTTPS Inspection enabled which will force F2F handling for all traffic subject to it anyway on R80.10 gateway regardless of whether proxy mode is used or not.</P><P></P><P>--<BR /> Second Edition of my "Max Power" Firewall Book<BR /> Now Available at <A href="http://www.maxpowerfirewalls.com" target="_blank">http://www.maxpowerfirewalls.com</A></P></BODY></HTML> Wed, 19 Dec 2018 15:47:42 GMT https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17730#M3024 Timothy_Hall 2018-12-19T15:47:42Z https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17731#M3025 <HTML><HEAD></HEAD><BODY><P>We are running R77.30 for this customer.</P><P>In Proxy environment you do not need to enable the HTTPS inspection separately as the traffic is unpacked anyway.</P><P></P><P>But in this case we really need to have this traffic in bypass-the-proxy-mode to move it into the PXL path. So we have asked the customer to adjust the proxy pac file, so we can add a small policy to allow this traffic to pass and be moved to PXL path.</P></BODY></HTML> Thu, 20 Dec 2018 08:54:30 GMT https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17731#M3025 Maarten_Sjouw 2018-12-20T08:54:30Z https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17732#M3026 <HTML><HEAD></HEAD><BODY><P>Correct, the answer is NO</P></BODY></HTML> Thu, 20 Dec 2018 10:47:56 GMT https://community.checkpoint.com/t5/General-Topics/Proxy-and-SecureXL/m-p/17732#M3026 _Val_ 2018-12-20T10:47:56Z