LuisSP
Collaborator

Issues between Checkpoint FW and ESET antivirus

Hello everyone.

We have issues with some websites. Our perimeter FW is:

R80.40, standalone
Blades: FW, APPC, URLF, IPS, AV, AB, TE and IA. In addition, HTTPS Inspection is enabled.

On Windows hosts:

ESET Endpoint Security with Filter SSL/TLS functionality enabled (same as HTTPS inspection).


Issues: some websites load the first time in a web browser (Edge, Firefox, Chrome), but the second time they don't load or take a long time (2-10 minutes) to load. It's worth mentioning that if we delete the cookies in the web browser, the troubled websites load again without problems, but only the first time.

Workarounds:

Disable HTTPS inspection for such hosts (as source traffic) or for such websites (as destination traffic), or...
...disable ESET Filter SSL/TLS on the Windows hosts, so it is no longer necessary to disable the FW HTTPS Inspection.

The above means that CP HTTPS Inspection and ESET Filter SSL/TLS can't both work at the same time for such websites. Apparently cookies are tried or modified at some point, in some way, by an entity unknown to me, so the ESET antivirus or the CP FW refuses to allow the traffic.

I did contact ESET support. The solution they gave me was to bypass such websites in the ESET antivirus, but I don't like this solution because the number of websites is constantly growing, and over time I will end up with hundreds or thousands of bypassed websites, in addition to the security risks.

 

I temporarily disabled the threat prevention blades, leaving only FW, APPC and URLF enabled; however, the problematic behavior persists.

 

Any suggestions before I contact Check Point TAC support?

 

Thanks.

0 Kudos
1 Reply
PhoneBoy
Admin

Double HTTPS Inspection will probably cause some issues, particularly if you don’t install the relevant CA certificates as trusted in ESET and Check Point.
Anything in the logs that you can see or through packet capture?
TAC can certainly help with debugging HTTPS Inspection. 

0 Kudos
