This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NeilDavey
Collaborator
‎2019-03-20 04:20 AM

HTTPS Decryption

Hello,

I am looking to see if anyone has any suggestions/ideas on best ways for HTTPS web traffic etc.

At present I have a Cisco Proxy Appliance used for web traffic (on the inside of the Firewall) and I decrypt web traffic here.  The Cisco Proxy Appliance can then allow/block the relevant traffic.

From the Check Point, I want to use this in a basic form to do additional blocking that the Cisco Proxy Appliance is unable to do ie block Dropbox/One Drive, Yahoo Messenger, etc) but at present this is not working fully as I don't have HTTPS Inspection enabled.

I am looking for any suggestions/ideas if anyone else has the same type of setup?

Ways I could do this at the moment would be:

1 - decrypt Cisco Proxy Appliance traffic and leave Firewall as is (Cisco could identify all traffic but Firewall wouldn't)

2 - no decrypt on Cisco Proxy Appliance and decrypt all traffic at Firewall (Cisco couldn't identify all traffic but Firewall could)

3 - decrypt Cisco Proxy Appliance traffic and decrypt Firewall traffic (Cisco and Firewall could identify all traffic however this may have performance impact)

Thanks

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-03-21 11:28 AM

Why are you maintaining two seperate security solutions?
0 Kudos
NeilDavey
Collaborator
‎2019-03-23 02:20 AM
In response to PhoneBoy

The Cisco Proxy Appliance is our corporate standard product for Web Filtering and the reporting is also very detailed. I have in the past tried to use the Check Point URL/App Control for filtering but had issues where some sites would be allowed which I would not want and vice versa. I also am unsure why Check Point categorize websites as multiple categories (example, www.playboy.com Categories: Sex, Nudity, Entertainment). This was causing issues in creating a base policy for users which didn't work for us.

I was just seeing if anyone else had a main filtering product but also used the Check Point for more granular filtering.
0 Kudos
Vladimir
Champion
Champion
‎2019-03-21 01:48 PM

I do not think that pairing your Cisco appliance with Check Point gateway is the optimal solution.

I'd have all traffic decrypted analyzed and blocked or allowed by Check Point.

"One to many" dedicated SSL decryptors/re-encryptors are a different story, but we are talking about IXIA, Gigamon, F5 or Symantec SSL in these cases.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events