- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- CloudGuard - WAF
- :
- Re: Blueprint design for inbound webtraffic in onp...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Blueprint design for inbound webtraffic in onpremise datacenter
We are looking for a design concept or best practice setups for onpremise datacenter environment where 90% of traffic is inbound https.
We are already using R80.40 clusters and Citrix netscalers (for loadbalancing and ssl offloading) but we also want to use the Appsec.
Upgrade to R81 is planned.
Does Checkpoint has some kind of document or blueprint in order to create the best setup for doing security on this incoming https traffic.
One question for example is which component can or should do IPS. The gateway or the appsec.. or both ?
Please let me know which thoughts about those kind of setups are the in community
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My guess is that it would probably be similar to that in public cloud except you're using on-prem load balancers.
AppSec can also do IPS:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
if you want to use AppSec then it also has IPS capabilities specifically for WEB traffic. So it you activate it on AppSec you don't need to do double inspection and activate it on the Gateways also.
you might just activate it for other protocols passing through your Gateways using the Threat Prevention policy.