This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
phlrnnr
Advisor
‎2018-10-04 12:51 PM

Do any Checkpoint appliances offer SSL offload?

I understand that Check Point is a software company.  But, since they sell their software on their own dedicated appliances, I was wondering if any of the appliances can do https encryption/decryption offload to a separate card/chip/asic so the CoreXL CPUs don't have to handle that burden?  I know other vendors that require ssl inspection have these types of asics to reduce CPU processing burden.  Just wondering if Checkpoint does this on any appliance models or is considering this?

I'd rather have CoreXL working hard at inspecting traffic and let something else worry about the encrypt/decrypt.

0 Kudos
7 Replies
Timothy_Hall
Legend Legend
Legend
‎2018-10-04 01:09 PM

This will soon be possible with the Falcon accelerator cards which are in EA right now as mentioned in the thread below by Dorit Dor‌:

Check Point R80.20 Now GA

If you'd like to join the EA program for this product I'm sure they'd love to hear from you.  🙂

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
Sarah_Elie1
Employee Alumnus
Employee Alumnus
‎2018-10-04 02:47 PM

Checkpoint has a partnership with Radware you can purchase a Radware appliance to do the ssl decryption and the Checkpoint gateways will focus on the security inspection. This is a link to the white paper.

https://www.checkpoint.com/downloads/product-related/solution-brief/sb-radware-checkpoint.pdf

_Val_
Admin
Admin
‎2018-10-05 05:57 AM
In response to Sarah_Elie1

Second that. With a pair of Radware appliances you can create something called "clear text sandwich". Radware will do encryption & decryption while CP GW can do decent inspection in the middle

Pablo_Barriga
Advisor
‎2018-10-22 11:05 PM

Hello so far I tested that with Symantec SSL Visibility.

https://community.checkpoint.com/message/13951-symantec-visibility-appliance-netronome 

0 Kudos
Vato_Chantladze
Contributor
Contributor
‎2019-05-12 04:04 AM
In response to Pablo_Barriga

Hi!

I see Check Point has an official partnership with Radware and this is the reason why there is only one solution brief file what describes Radware Alteon ADC SSL offloading capabilities with CP.

Otherwise, the same thing should work perfectly with other vendors, like Symantec SSL Visibility Appliance or for me, even better product, F5 with hardware SSL offloader. 

Next step I plan to test deployment so-called "Burrito Design" configuration for an F5 SSL offloader with Check Point Appliance in L2 mode with NGTP.

Hope it will work, by design it should.

BR

Vato

0 Kudos
Vladimir
Champion
Champion
‎2019-05-12 06:12 AM
In response to Vato_Chantladze

@Vato_Chantladze , please let us know your findings. I am interested in how it works out and what the final design looked like.

Regards,

Vladimir

0 Kudos
Kim_Moberg
Advisor
‎2023-03-30 11:45 AM
In response to Vato_Chantladze

@Vato_Chantladze what was your findings using different brands for SSL offloading? What was your experience using Symantec vs. F5 SSL offloader.  Any experience with Netscaler for SSL offloading?
Any guides available for setup?

Thanks

Kim

Best Regards
Kim
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top