- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
If the firewall is configured as HTTP/HTTPS proxy, and user is using for example SSH over HTTP, does the firewall proxy this traffic?
While we support being configured as an (explicit) HTTP/HTTPS proxy, it's not a configuration we generally recommend.
Performance characteristics of proxy mode are substantially different and recommend you work with your Check Point SE to ensure your gateways are appropriately sized for such a configuration.
To answer your specific question, it entirely depends on how the SSH traffic is being tunneled as to whether it will be detected or not.
It also depends on whether you've enabled IPS and have the SSH over Non-Standard Port signature enabled (how such behavior is typically detected).
On your case, would it be possible to consider using SSH DPI ?
https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...
While we support being configured as an (explicit) HTTP/HTTPS proxy, it's not a configuration we generally recommend.
Performance characteristics of proxy mode are substantially different and recommend you work with your Check Point SE to ensure your gateways are appropriately sized for such a configuration.
To answer your specific question, it entirely depends on how the SSH traffic is being tunneled as to whether it will be detected or not.
It also depends on whether you've enabled IPS and have the SSH over Non-Standard Port signature enabled (how such behavior is typically detected).
So in general, can we limit any other protocols so they don't be passed by the proxy if they run over HTTP or HTTPS?
First of all, an HTTP proxy won't work if the HTTP that comes across it is not well formed.
Beyond that, yes, you can do further limiting with App Control and/or IPS.
You will probably also need HTTPS Inspection enabled as well.
Yes, note protocol signatures may also be something to explore here e.g.
On your case, would it be possible to consider using SSH DPI ?
https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...
Thanks everyone. We might consider SSH DPI for SSH traffic as well as inforcing policies with App control
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY