This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Biju_Nair
Contributor
‎2017-09-07 07:13 AM
Jump to solution

Sandboxing http/https traffics with web proxy(bluecoat) in place

Hi, In a scenario with 3rd party web proxy(bluecoat) in place, how would the https traffic be handled by sandblast appliance. Considering bluecoat itself is doing https inspection first.

1 Solution

Accepted Solutions
Christian_Sandb
Employee
Employee
‎2017-09-07 08:27 AM
Jump to solution

Hi,

Have a look at sk111306 and install JHF 284 or newer which includes the ICAP server feature.

HTH,

Christian

View solution in original post

8 Replies
Norbert_Bohusch
Advisor
‎2017-09-07 07:40 AM
Jump to solution

There is not much information, how you want (or have) implemented the Sandblast appliance.

So just to keep it general:

If you want the https traffic to be inspected there has to be ssl-inspection active. Detail configuration for that depends on the implementation (sandblast before proxy or after).

Other way would be to use ICAP-client on proxy to speak with ICAP-server on Sandblast appliance.

0 Kudos
Biju_Nair
Contributor
‎2017-09-07 12:28 PM
In response to Norbert_Bohusch
Jump to solution

Hi Norbert,

I wish to implement the sandblast appliance to intercept https traffic for Sandboxing. I would like to deploy the Sandblast appliance after proxy towards internet and using fail open card.

Regards,

Biju Nair

Sent from my iPhone

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2017-09-08 12:27 AM
In response to Biju_Nair
Jump to solution

Hmmm. So you want two devices to break open SSL traffic independently?

This is the sort of stuff I would advise if you want nightmares.

It will be slow to the users and the likely hood you will get into negotiate trouble is big.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Norbert_Bohusch
Advisor
‎2017-09-08 12:43 AM
In response to Hugo_vd_Kooij
Jump to solution

I can only say that Hugo is right here and ICAP is the much better way to move forward!

0 Kudos
Biju_Nair
Contributor
‎2017-09-08 02:53 AM
In response to Norbert_Bohusch
Jump to solution

Thanks Hugo.

Hi Norbert,

If we plan for ICAP then the proxy will act as a ICAP client and will send the traffic to sandblast(ICAP server).

But how would the https traffic work in ICAP scenario. Will proxy send the decrypted packet to sandblast and wait for verdict from sandblast by holding the connection.

Regards,

Biju Nair

Sent from my iPhone

0 Kudos
PhoneBoy
Admin
Admin
‎2017-09-08 02:16 PM
In response to Biju_Nair
Jump to solution

That's the basic idea.

0 Kudos
Christian_Sandb
Employee
Employee
‎2017-09-07 08:27 AM
Jump to solution

Hi,

Have a look at sk111306 and install JHF 284 or newer which includes the ICAP server feature.

HTH,

Christian

Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2017-09-14 12:20 AM
In response to Christian_Sandb
Jump to solution

In addition this helps getting you started on the BC side:

ProxySG ICAP Integration 


Regards Thomas

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events