Inbound https inspection only

Hello,

 

I wanted to turn on Inbound https inspection only and not outbound. Is there a way to do this?

Going through documentation it says when you enable https inspection on the gateways, it creates an outbound CA certificate as well which means outbound https inspection is enabled as well.

 

Thanks,

Chandru


Re: Inbound https inspection only

Hi Chandhrasekar_S,

I don't know what version your gateway is but I believe you can still follow the guide for R80.10 as below:

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/...

I would focus on this section:

To enable inbound HTTPS traffic inspection:

  1. From the SmartConsole Gateways & Servers view, edit the Security Gateway object.
  2. Click HTTPS Inspection > Step 3.
  3. Select Enable HTTPS Inspection.
  4. Import server certificates for servers behind the organization Security Gateways.
  5. Define an HTTPS inspection policy:
    • Create rules
    • Add a server certificate to the Certificate column of each rule.

 

Let us know if that answers your question.


Re: Inbound https inspection only

 

 

Hi Nick,

 

We are running R80.10 gateways. Under HTTPS Inspection:

 

Step 1: Outbound CA certificate creation

Step 2: Deploy the outbound certificate in your organization (which is us distributing the CA certificate to all the internal systems)

It's only in Step 3 that you enable HTTPS inspection, hence my question: is it not possible to enable HTTPS inspection for inbound traffic only?

 

[Image: https-inspection.png]

 


Re: Inbound https inspection only

Hello,

I can see the confusion but as far as I'm aware, it's still the same box that you have to tick in order to enable HTTPS inspection regardless of direction.

The main difference is that instead of exporting the outbound certificate etc., you will need to import the server's certificate in the section shown below:

[Image: Inbound HTTPS Inspection.PNG]

 

To my knowledge, you would need to import a certificate as I don't think you have the option to generate an inbound one on the gateway in the same way that you can for outbound certificates.


Re: Inbound https inspection only

Thanks Nick. Yes, I am aware of importing the internal server SSL certificates etc. for configuring HTTPS inbound inspection.

I believe we need to delete the default HTTPS inspection rule in order to stop the outbound HTTPS inspection.

 

Admin

Re: Inbound https inspection only

You're correct.
While you may have to configure an outbound certificate as part of the process, if there is no outbound HTTPS Inspection rule, you won't get outbound HTTPS Inspection.