This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tom_Cripps
Advisor
‎2018-06-07 07:15 AM

Easier way to bypass a IP address in AWS or Azure

Has anyone found an easier way to bypass an IP address(es) which are cloud hosted? 

I can't think of an easier way rather than taking away the function of HTTPS inspection and bypassing all for the time being, then later removing the newly added rule?

5 Replies
PhoneBoy
Admin
Admin
‎2018-06-08 11:27 AM

Just to confirm what you're asking; you're trying to bypass www.example.com where this host does not have a fixed IP address.

You should be able to create a custom application with the URL as described here: Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on... 

Create a bypass rule using that custom category, as described here: Enabling HTTPS Inspection causes some applications to stop working 

The first time you connect to the site (after pushing policy), it will fail because the IP > Name association hasn't taken place yet.

After that, it should work.

0 Kudos
Tom_Cripps
Advisor
‎2018-06-08 11:40 AM
In response to PhoneBoy

Hi Dameon,

No I’m meaning is there an easier way to bypass an IP which is not static and the particular host name is not resolved, or even worse is an Akamai/AWS/Azure hostname?

Not too sure if that’s even possible without the creation of possibly a custom application for cloud IP address for example if development was even able to make that

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-08 12:01 PM
In response to Tom_Cripps

Presumably the host you are wanting to bypass has a DNS name, right?

You'll create a custom application for that DNS name (or multiple) per the SK I mentioned.

Also, you'll create a bypass rule for the category used for that custom application per the other SK I mentioned.

0 Kudos
Tom_Cripps
Advisor
‎2018-06-08 01:45 PM
In response to PhoneBoy

I don’t think we’re on the same page, is it possible to bypass a IP address which Checkpoint doesn’t resolve its hostname and it’s an IP in like aws or azure for example, like an elastics address but the hostname doesn’t resolve with smartlog

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-08 02:03 PM
In response to Tom_Cripps

How does the end user know to connect to that specific IP you're seeing in SmartLog?

Most likely it's a DNS name they are typing into a web browser or an app is using.

If you know that DNS name (I.e. The end user can tell you), then you can follow the SK's I've linked to.

If you don't know this DNS name, you create a host object with the IP address you're seeing in SmartLog and put it in a bypass rule.

Obviously if the IP changes (or there are multiple IPS) then you'll have to create another object and add it to the rule. 

If you can do a packet capture on the client DNS traffic, you may be able to figure out what DNS name the client is trying to connect to and use the SK'S I've linked.

Hope that's clear.


Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events