This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StevePearson
Collaborator
‎2023-07-27 12:10 PM

HTTPS Bypass

I'm currently trying to clean up a policy that's been in place for several years. It was build under R80.20 and has a huge number of rules on the HTTPS policy, most of which are bypass rules. There are several that bypass based on destination IP, things like web based license servers (eg  Autodesk), but the majority bypass based on custom applications that contain a list of url's (things like webex, dropbox and even AWS). Whilst I'm aware that this is probably the best way to do it, I'm wondering if all of these are needed now that it's all R81.20, which handles HTTPS inspection much better than R80.20 used to.

Has anyone got any thoughts or advice on this at all? I'm thinking about possibly removing a fair amount of these and monitor/re-add them if necessary later.

Thanks in advance!

 

0 Kudos
7 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-07-27 01:12 PM

I know its been brought up many times, but me personally, I always put bypass rules first, then any any inspect at the bottom, but people suggest doing any any bypass at the bottom.

Either way, you should disable rules not needed, so if you need them later, easy to re-enable.

Andy

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-07-27 04:28 PM

Built-in objects as outlined in sk163595 may be helpful here.

Pay good attention to the policy structure to avoid common pit falls:

https://community.checkpoint.com/t5/Management/HTTPS-Inspection-Policy-Rule-Order/td-p/128681#M27952

https://community.checkpoint.com/t5/Management/HTTPS-Inspection-Policy-Rule-Order/td-p/128681#M27952

Further enhancements are expected with R82+ to help manage the journey that is HTTPs inspection

CCSM R77/R80/ELITE
the_rock
MVP Platinum
MVP Platinum
‎2023-07-27 04:36 PM
In response to Chris_Atkinson

You used the right term...journey haha, so true : - )

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-28 10:12 AM

In R81.20, you can leverage other types of objects in your HTTPS Inspection Policy (Updatable Objects in particular).
It should help you clean up the policy after upgrading, but it should not cause any issues when you upgrade.

the_rock
MVP Platinum
MVP Platinum
‎2023-07-28 10:21 AM
In response to PhoneBoy

One of my favorite features in R81.20!

Best,
Andy
0 Kudos
StevePearson
Collaborator
‎2023-07-29 06:57 AM
In response to PhoneBoy

One of the issues with HTTPS inspection in R80.20 was the poor support around SNI I believe, which I also believe was much improved from R81, so this is what I'm hoping will make a lot of the existing rules obsolete now!

However, I will also look at making use of the Updatable objects too as they look as if they will remove a fair few of the existing rules.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-07-29 07:28 AM
In response to StevePearson

I strongly recommend R81.20, as https inspection performs so much better.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events