Laxi_D
Nickel

HTTPS inspection in Proxy environment

We have a proxy server which is processing all HTTPS and HTTP traffic. Is there any best practice to enable HTTPS inspection on the edge Check Point gateway?

5 Replies
Admin

Re: HTTPS inspection in Proxy environment

You would treat the proxy server just as a client, which means configuring it to trust the CA certificate Check Point uses for HTTPS Inspection.

Re: HTTPS inspection in Proxy environment

There is a potential pitfall there. From the perspective of the firewall it's 1 client doing a lot of HTTP and HTTPS sessions. That might get you into trouble where you overload 1 worker and get poor responses.

I strongly suggest you enable Dynamic Dispatching as detailed in sk105261: CoreXL Dynamic Dispatcher in R77.30 / R80.10 and above, as it will ruin your day if you start doing HTTPS inspection without it and your gateway gets hit by all that proxy traffic.

Also, if you do HTTPS inspection on the proxy, you might not want to do it again on the gateway. It will ruin your response times, as you may notice when people find that web pages load slower.

As with anything in life: just give it some thought before you start implementing it. There is definitely more to it than meets the eye.

Laxi_D
Nickel

Re: HTTPS inspection in Proxy environment

The main reason for activating HTTPS inspection on the firewall is the SandBlast appliance. Without HTTPS inspection, threat emulation is in vain, right?

Admin

Re: HTTPS inspection in Proxy environment

You're going to miss a bunch of potential threats without HTTPS Inspection, yes.


Re: HTTPS inspection in Proxy environment

Consider having your proxy in a DMZ so the CP sees the proxied ("CONNECT") request rather than an encrypted tunnel only, as this will have an impact on whether the CP will be able to learn the actual hostname or just the certificate information. This is particularly important for correctly logging or bypassing sites that are hosted on a service like Cloudflare, where the logging and bypassing information would otherwise only show Cloudflare rather than the actual website. See my research here.

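The visibility difference the last reply describes, shown as an added Python example (not code from the thread or from Check Point): with the proxy in a DMZ the gateway can read the real hostname out of the proxy's upstream CONNECT request, whereas with only an encrypted tunnel it has just the server certificate names, which for a CDN-fronted site do not identify the actual website, so a hostname-based bypass or log entry cannot match. The request bytes, certificate names and bypass list are constructed samples.

```python
import re

# Constructed sample: what the gateway sees when the proxy sits in a DMZ and
# its upstream CONNECT request crosses the gateway in the clear.
CONNECT_REQUEST = (
    b"CONNECT intranet.example.org:443 HTTP/1.1\r\n"
    b"Host: intranet.example.org:443\r\n"
    b"Proxy-Connection: keep-alive\r\n\r\n"
)

# Constructed sample: the only names available when the gateway sees just the
# encrypted tunnel and looks at the server certificate of a CDN-fronted site.
CERT_NAMES = ["sni.cloudflaressl.com", "*.cloudflaressl.com", "cloudflare.com"]

# Constructed bypass policy, keyed on the real website name.
BYPASS_LIST = ["intranet.example.org", "*.bank.example"]

# Request line: CONNECT host:port HTTP/1.x ; host may be a bracketed IPv6 literal.
_REQ_LINE = re.compile(
    rb"^CONNECT\s+(?P<host>[^\s:]+|\[[^\]]+\]):(?P<port>\d{1,5})\s+HTTP/1\.[01]\r?\n"
)


def parse_connect(raw: bytes):
    """Return (hostname, port) from a CONNECT request line, or None if not a CONNECT."""
    m = _REQ_LINE.match(raw)
    if not m:
        return None
    host = m.group("host").decode("ascii").strip("[]").lower()
    port = int(m.group("port"))
    if not 0 < port < 65536:
        return None
    return host, port


def name_matches(name: str, pattern: str) -> bool:
    """Match a hostname against a bypass entry; '*.x' matches exactly one extra label."""
    if pattern.startswith("*."):
        return name.endswith(pattern[1:]) and name.count(".") == pattern.count(".")
    return name == pattern


def bypass_decision(observed_names):
    """Return the first bypass entry matched by any observed name, else None."""
    for name in observed_names:
        for pattern in BYPASS_LIST:
            if name_matches(name.lower(), pattern):
                return pattern
    return None
```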