Blueprint design for inbound webtraffic in onpremise datacenter
We are looking for a design concept or best practice setups for onpremise datacenter environment where 90% of traffic is inbound https.
We are already using R80.40 clusters and Citrix netscalers (for loadbalancing and ssl offloading) but we also want to use the Appsec.
Upgrade to R81 is planned.
Does Checkpoint has some kind of document or blueprint in order to create the best setup for doing security on this incoming https traffic.
One question for example is which component can or should do IPS. The gateway or the appsec.. or both ?
Please let me know which thoughts about those kind of setups are the in community
if you want to use AppSec then it also has IPS capabilities specifically for WEB traffic. So it you activate it on AppSec you don't need to do double inspection and activate it on the Gateways also.
you might just activate it for other protocols passing through your Gateways using the Threat Prevention policy.