As far as we know, IPS signatures that look for SSL/TLS details like the version do so on common SSL/TLS ports like TCP 443. We get that inspecting for SSL/TLS on every port will degrade performance, but it would be nice if the admin had the option to enable SSL/TLS inspection by IPS signatures on non-common ports.
This might be needed in scenarios where a company has to change the default port for services that use SSL/TLS and would like to keep the controls provided by the IPS signatures.
Miguel,
Actual inspection, as defined, is only for HTTPS, not other protocols that can use SSL/TLS for security. You can clone the HTTPS service and define a different port for it, and it should still be inspected, if this is all that you are trying to accomplish:

I'm not talking about HTTPS inspection itself. Take for example the IPS signatures/protections that look for the SSL/TLS version. You can configure the signatures to block/prevent SSLv3.0 usage as an example. But this protection will only do that on common ports. It will block connections using SSLv3.0 on port 443, but not on a random non-common port that your organization might use, like TCP port 334.
IPS is using streaming to inspect signatures. If you want to port SSL/TLS IPS protection, you need to mark your custom service as HTTPS, as already shown in the picture above. The Check Point streaming engine needs to know that this specific TCP port needs to be streamed too.
Have you tried doing that?
We need a simple method of adding a custom port, that is, a port different from 443 (HTTPS), so that the inspection can be applied to the inspection selected. It should allow choosing a protocol different from HTTPS and the port on which they are implementing SSL over TLS; for example, it could be implemented on a different port than 443, and the inspection is still needed.
We tried setting a custom port like in the image below. That port uses a proprietary protocol based on ISO 8583 over SSL.
In our testing, the signature that prevents SSLv3 usage does not stop connections that negotiate SSLv3 using that port, but if we use SSLv3 on a port like 443, then it works.
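
To confirm independently of the gateway which version a service on a non-standard port negotiates, the ServerHello can be read from the first bytes of each captured stream without regard to the port number. This is an added example, not part of the thread and not Check Point code; the sample flows are constructed, and port 8443 and the cipher-suite bytes are assumed test values.

```python
import struct

HANDSHAKE = 22                                   # TLS record content type
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
WEAK = {0x0300}                                  # versions to flag; SSLv3 as in the thread


def parse_hello(stream: bytes):
    """Return (hello_type, version) from the start of a TCP stream, or None if it is not a TLS hello."""
    if len(stream) < 11:                         # record header (5) + handshake header (4) + version (2)
        return None
    ctype, rec_ver, rec_len = struct.unpack("!BHH", stream[:5])
    if ctype != HANDSHAKE or (rec_ver >> 8) != 0x03 or rec_len < 6:
        return None
    hs_type = stream[5]
    if hs_type not in HELLO_TYPES:
        return None
    # In a ServerHello this field is the negotiated version (TLS 1.3 shows 0x0303 here).
    (hello_ver,) = struct.unpack("!H", stream[9:11])
    return HELLO_TYPES[hs_type], hello_ver


def audit(flows):
    """flows: iterable of (server_port, first bytes sent by the server). Port is reported, never used to filter."""
    findings = []
    for port, stream in flows:
        parsed = parse_hello(stream)
        if parsed and parsed[0] == "ServerHello" and parsed[1] in WEAK:
            findings.append((port, VERSIONS[parsed[1]]))
    return findings


def make_server_hello(version):
    """Build a minimal ServerHello record for the constructed samples below."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs


SAMPLE_FLOWS = [                                 # constructed data, not captured traffic
    (443, make_server_hello(0x0303)),            # TLS 1.2 on the standard port
    (334, make_server_hello(0x0300)),            # SSLv3 on the custom port from the thread
    (334, b"ISO8583 cleartext"),                 # non-TLS payload is ignored
    (8443, make_server_hello(0x0301)[:7]),       # truncated capture is ignored
]

if __name__ == "__main__":
    for port, ver in audit(SAMPLE_FLOWS):
        print(f"port {port}: server negotiated {ver}")
```
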

+1 on this one