topic Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security) in General Topics

Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security)

chethan_m — Mon, 24 Jul 2023 07:11:35 GMT

Hi everyone,

I recently saw on one of the community posts that said, HTTP redirection is the default behavior on Checkpoint and no explicit configuration is required unlike Fortinet Firewalls.

But when we try to connect to the Gaia Web-UI portal using only the server-IP-address but not HTTPS or http://<ip-address> then it refuses to connect, unless we explicitly specify https://<ip-address> (for the first time at least). I don't see a redirection happening.

Am I missing out something? and can we enforce HSTS for Gaia Web UI by any chance? I believe, there must be configuration for this.

The requirements are:

Checkpoint must instruct the web browser(s) to always connect to it via HTTPS.
The Checkpoint's internal web server must provide the HSTS directives.
Disable the ability for the users to click through TLS warnings.

Are these hardening requirements, overkill for just accessing the firewalls that are internal or a legitimate one?

Thank you.

Re: Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security)

_Val_ — Mon, 24 Jul 2023 07:23:13 GMT

Can you refer to that post? Paltform portal does not do HTTP to HTTPS redirection, AFAIK.

Re: Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security)

chethan_m — Mon, 24 Jul 2023 09:27:52 GMT

From Here: Gaia Web GUI - http to https redirection - Check Point CheckMates

Re: Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security)

PhoneBoy — Mon, 24 Jul 2023 20:35:37 GMT

The only supported mechanism to access the Gaia WebUI is HTTPS.
We don't even listen on TCP port 80 any longer, thus we do not provide a mechanism to redirect from HTTP to HTTPS.