This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
chethan_m
Collaborator
‎2023-07-24 12:11 AM

Checkpoint Gaia Web-UI HTTPS redirection and Enforce HSTS (HTTP Strict Transport Security)

Hi everyone,

 

I recently saw on one of the community posts that said, HTTP redirection is the default behavior on Checkpoint and no explicit configuration is required unlike Fortinet Firewalls. 

But when we try to connect to the Gaia Web-UI portal using only the server-IP-address but not HTTPS or http://<ip-address> then it refuses to connect, unless we explicitly specify https://<ip-address> (for the first time at least).  I don't see a redirection happening.

Am I missing out something? and can we enforce HSTS for Gaia Web UI by any chance? I believe, there must be configuration for this.

The requirements are:

  1. Checkpoint must instruct the web browser(s) to always connect to it via HTTPS.
  2. The Checkpoint's internal web server must provide the HSTS directives.
  3. Disable the ability for the users to click through TLS warnings.

 

Are these hardening requirements, overkill for just accessing the firewalls that are internal or a legitimate one?

 

Thank you.

 

Quantum Force (Security Gateways) Next Generation Firewall 

Quantum Force (Security Gateways)
Quantum Force (Security Gateways)
Security Platforms & Management
Next Generation Firewall
Next Generation Firewall
Network
0 Kudos
3 Replies
_Val_
Admin
Admin
‎2023-07-24 12:23 AM

Can you refer to that post? Paltform portal does not do HTTP to HTTPS redirection, AFAIK. 

0 Kudos
chethan_m
Collaborator
‎2023-07-24 02:27 AM
In response to _Val_

From Here: Gaia Web GUI - http to https redirection - Check Point CheckMates

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-24 01:35 PM
In response to chethan_m

The only supported mechanism to access the Gaia WebUI is HTTPS.
We don't even listen on TCP port 80 any longer, thus we do not provide a mechanism to redirect from HTTP to HTTPS.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events