This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tony_Graham
Advisor
‎2021-03-17 01:24 PM

HTTPS Inspection Harmony Connect Beta

One of the downsides of HTTPS inspection has been the perceived complexity with basically setting up what is a MITM configuration. Harmony does a pretty good job at presenting the setup of HTTPS inspection but doesn't quite go into enough detail. You have a nice selection box for enabling it versus Basic but when it comes time to implement it you just say, Download Certs or Upload your own. There is zero help and assumes a great deal of prior knowledge which a newcomer may not have. I think this is an area that can be improved.

4 Replies
PhoneBoy
Admin
Admin
‎2021-03-17 03:43 PM

Ultimately, what is required for HTTPS Inspection is a Certificate Authority key.
You can either generate that yourself (if you have an enterprise CA your users already trust) or use ours.
In either case, you will have to distribute this CA key to your users and ensure it is marked trusted.

And, you're correct: this could be clearer.
Another one for @Tomer_Sole 

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2021-03-17 04:44 PM

Thank you for this suggestion - indeed we should explain in more detail about the underlying technology. Our on-premises products have had detailed best practices for years, and even though we run the same software under the hood, the use cases are sharpened for mostly outbound traffic (inbound is coming later this year) and the web management is different than the on-premises management described at those guides. So until we spin-off the guides from our on-premises products, you are welcome to see this one: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Also until we work out the guides, a few advices below

 

Harmony Connect has 3 deployment types:

- Branch offices - where the administrator needs to deploy the certificate at the computers of the end users

- Remote users - the default certificate is actually automatically deployed as part of the first-time activation of Harmony Connect App. In case the admin modifies the certificate, they then do need to deploy the replaced certificate at the computers of the end users 

- Client-less users - this use case is not applicable and SSL Inspection happens the other way around. Users do not need a special certificate in this case.

 

 

0 Kudos
Tony_Graham
Advisor
‎2021-03-18 08:35 AM
In response to Tomer_Sole

Thank you for the clarifications. If you put one line in the 'Download Full Inspection Certificate', and/or the popup when you click

on 'Select' I think it would go a long way.

      "A default certificate is automatically deployed as part of the first-time activation of Harmony Connect App."

Otherwise if all someone is using it for are Remote Users they may try and deploy, install and update the end user certificates

which is both unnecessary and a waste of effort. If I am understanding you correctly.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2021-03-18 11:29 AM
In response to Tony_Graham

That is correct - thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events