Bypassing Domain or IP from CheckPoint Firewall
Hello All,
CheckPoint Firewall is holding onto the network packet too long and causing slowness issues with another 3rd party cloud proxy service that has a client installed on the system as well. The slowness 'goes away' with the 3rd party client disabled or when we disable the CheckPoint Firewall. Worked with support some time ago on this and with traces they can see the holding onto the packets. I'm wondering if there is a way to bypass a Domain or IP address from being inspected by the CheckPoint Firewall. Would appreciate your response. Thank you!
- Labels: Desktop Firewall
You really haven't given us a lot to go on.
Let's start with version/JHF and the output of enabled_blades on the gateway.
That said, I suspect the simplest way to eliminate most inspection on the relevant flow would be something like: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note you would still need a rule in your Access Policy to permit the relevant traffic.
Thank you for your reply. We are running Harmony Endpoint (formerly EPMaaS), which is a managed service. It is running R81. This is the host-based firewall component with Endpoint Security (SandBlast). Is SecureXL able to be configured on that system?
I realize you posted this in the Endpoint group but mentioning that in the description along with the version of client in question would have been a good clarification.
In any case, the Endpoint firewall is a totally different animal.
If it’s a latency issue, I recommend re-engaging with the TAC as I don’t believe we have a “fastaccel” option on the Endpoint firewall, nor some way to completely bypass inspection.
Agree with @PhoneBoy, that's a good sk for what you are trying to do. You can also check the one I pasted below, but it's more for exempting connections from SecureXL, so worth checking as well.