There have been several discussions about the proper rule order in the HTTPS Inspection Policy to maximize efficiency and avoid Active Streaming (CPASXL) as much as possible. Would the following order be completely accurate? My main question is whether the Services field in the final cleanup rule should be "Any" or "HTTPS Default Services"? Obviously one should also avoid using "Any" in the Destination and Services fields to make sure traffic is not inappropriately pulled into Active Streaming.
- Rules specifying an Action of "Bypass" that are matching only specific source and destination IP addresses/networks (no domains) with a Category of "Any"
- Rules bypassing sites known to not work with HTTPS Inspection via the Check Point-provided ‘HTTPS Services – bypass’ updatable object; see sk163595 for further explanation.
- Rules specifying an Action of "Bypass" that are matching specific source and destination IP addresses/networks (and/or domains) with a Category of "Any".
- Rules specifying an Action of "Bypass" that are matching specific source and destination IP addresses/networks (and/or domains) with specific Categories set.
- Rules specifying an Action of "Bypass" that are matching specific source and destination IP addresses/networks (and/or domains) with specific categories or a Category of "Any" set.
- Rules specifying Inspect actions.
- A "cleanup rule" consisting of "Any Any ‘HTTPS default services’ Any Bypass"