bdidonato
Explorer

Bypassing Domain or IP from CheckPoint Firewall

Hello All,

CheckPoint Firewall is holding onto the network packet too long and causing slowness issues with another 3rd party cloud proxy service that has a client installed on the system as well. The slowness 'goes away' with the 3rd party client disabled or when we disable the CheckPoint Firewall. Worked with support some time ago on this, and with traces they can see the holding onto the packets. I'm wondering if there is a way to bypass a Domain or IP address from being inspected by the CheckPoint Firewall. Would appreciate your response. Thank you!

0 Kudos
4 Replies
PhoneBoy
Admin

You really haven't given us a lot to go on.
Let's start with version/JHF and the output of enabled_blades on the gateway.
That said, I suspect the simplest way to eliminate most inspection on the relevant flow would be something like: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Note you would still need a rule in your Access Policy to permit the relevant traffic.

0 Kudos
bdidonato
Explorer

Thank you for your reply. We are running Harmony Endpoint (formerly EPMaaS), which is a managed service. It is running R81. This is the host-based firewall component with Endpoint Security (SandBlast). Is SecureXL able to be configured on that system?

0 Kudos
PhoneBoy
Admin

I realize you posted this in the Endpoint group but mentioning that in the description along with the version of client in question would have been a good clarification.

In any case, the Endpoint firewall is a totally different animal.
If it’s a latency issue, I recommend re-engaging with the TAC as I don’t believe we have a “fastaccel” option on the Endpoint firewall, nor some way to completely bypass inspection.

0 Kudos
the_rock
Champion

Agree with @PhoneBoy, that's a good sk for what you are trying to do. You can also check the one I pasted below, but it's more for exempting connections from SecureXL, so worth checking as well.

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos