Mischa_Meekes
Explorer

Blueprint design for inbound web traffic in on-premise datacenter

We are looking for a design concept or best-practice setup for an on-premise datacenter environment where 90% of traffic is inbound HTTPS.

We are already using R80.40 clusters and Citrix NetScalers (for load balancing and SSL offloading), but we also want to use AppSec.

An upgrade to R81 is planned.

Does Check Point have some kind of document or blueprint for creating the best setup for doing security on this incoming HTTPS traffic?

One question, for example, is which component can or should do IPS: the gateway, AppSec, or both?

Please let me know what thoughts there are in the community about these kinds of setups.

0 Kudos
2 Replies
PhoneBoy
Admin

My guess is that it would probably be similar to that in public cloud except you're using on-prem load balancers.
AppSec can also do IPS.

0 Kudos
Nir_Shamir
Employee

Hi,

If you want to use AppSec, it also has IPS capabilities specifically for web traffic. So if you activate it on AppSec, you don't need to do double inspection and activate it on the Gateways as well.

You might just activate it for other protocols passing through your Gateways using the Threat Prevention policy.

0 Kudos