This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
marcinw
Contributor
‎2020-10-02 07:32 AM

Zoom, HTTPS inspection and performance

Hi 

Owing to Covid19 many users in my network have moved to VPN remote access, many of them use ZOOM for videoconferences, I am wondering from security point of view if it is ok I if exclude this traffic from HTTPS inspection to increase the performance of the firewall  (checkpoint 5100) ? Second question will it increase the performance significantly, is it worth to do that ? Any opinions welcome

thanks 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-10-02 08:26 AM

Most certainly it will improve performance, by how much depends on how much Zoom is used.
What would increase your performance even more is not "routing all traffic" through the VPN.

 

marcinw
Contributor
‎2020-10-02 08:41 AM
In response to PhoneBoy

We expect that Zoom will be using a lot.  We have proxy server behind the Gateway that user use so they have to be routed through the gateway. At this moment on the VPN clients  / Remote Access bookmark on the firewall it is marked "Allow VPN clients to route traffic through this gateway". How can I exclude only Zoom traffic from being routed through VPN gateway ?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-02 09:16 AM
In response to marcinw

You’d have to create an encryption domain that includes everything but Zoom IPs.
There are scripts that do this for Office 365 here:  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I imagine they could be adapted for Zoom also.

But like I said, I’m not a fan of “Route All Traffic” anyway.
There are better solutions that protect the endpoints even when they are not connected to VPN.
This is why we include Remote Access VPN as part of SandBlast Agent.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events