Hello
I am looking for some advice/guidance on HTTPS Inspection Setup.
Currently we use a 3rd party product for our web filtering but we want to look at trialing the Check Point URL/Application Control to replace this.
So far, I have enabled the following blades to work for this: Application Control, URL Filtering, Identity Awareness, Content Awareness, IPS, Anti-Bot & Anti-Virus.
Next on the list to look at is HTTPS Inspection. I want to be careful that when I enable this, I don't affect our current filtering by decrypting the traffic. We also have 5 Gateways that I would look at enabling over a few days. I have listed a few steps that I think would work and wanted to see if these would make sense.
- On my first GW, enable HTTPS Inspection.
- Create a new certificate and enable HTTPS Inspection. It's my understanding that this certificate could then be used on my 4 other GWs?
- Check HTTPS inspection Policy and amend the rule I have here for Action - Change to Bypass
- Push Policy
These steps would enable HTTPS Inspection, but as I have set the policy rule to Bypass Inspection, it should not affect my current filtering solution.
I could then follow the same type of steps for my other 4 GWs.
Once this has been enabled across my FW estate, I could look at either using Identity Awareness with users or providing IPs to perform some testing. The certificate I generated on the GW for HTTPS Inspection, I would deploy to my test group. I would also create HTTPS Inspection rules using the source as either my user or IP as above.
I have also watched this video, which also suggests some other things like Hold v Background etc.
https://community.checkpoint.com/t5/Member-Exclusive-Content/HTTPS-Inspection-Best-Practices-TechTal...
Would this roll out make sense or am I missing some steps here?
Thanks