This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bdidonato
Explorer
‎2021-09-08 08:23 AM

Bypassing Domain or IP from CheckPoint Firewall

Hello All,

CheckPoint Firewall is holding onto the network packet a too long and causing slowness issues with another 3rd party cloud proxy service that has a client installed on the system as well.  The slowness 'goes away' with the 3rd party client disabled or when we disable the CheckPoint Firewall.  Worked with support some time ago on this and with traces they can see the holding onto the packets.  I'm wondering if there is a way to bypass a Domain or IP address from being inspected by the CheckPoint Firewall.  Would appreciate your response.  Thank you!

Labels
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-09-08 04:28 PM

You really haven't given us a lot to go on.
Let's start with version/JHF and the output of enabled_blades on the gateway.
That said, I suspect the simplest way to eliminate most inspection on the relevant flow would be something like: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Note you would still need a rule in your Access Policy to permit the relevant traffic.

0 Kudos
bdidonato
Explorer
‎2021-09-09 07:23 AM
In response to PhoneBoy

Thank you for your reply.  We are running Harmony EndPoint (formerly EPMaaS), which is a managed service.  It is running R81.  This is the host-based firewall component with Endpoint Security (SandBlast).   Is Secure Xl able to be configured on that system?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-09 02:09 PM
In response to bdidonato

I realize you posted this in the Endpoint group but mentioning that in the description along with the version of client in question would have been a good clarification.

In any case, the Endpoint firewall is a totally different animal.
If it’s a latency issue, I recommend re-engaging with the TAC as I don’t believe we have a “fastaccel” option on the Endpoint firewall, nor some way to completely bypass inspection.

0 Kudos
the_rock
Champion
Champion
‎2021-09-08 05:28 PM

Agree with @PhoneBoy , thats a good sk for what you are trying to do. You can also check below one I pasted, but its more for exempting connections from securexl, so worth checking as well.

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos