This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martin_Peinsipp
Contributor
‎2019-01-11 03:40 AM

R80.10 GW (VSX) and Non-Transparent Mode (URL-Filter-Blade)

Hello!

I have a question regarding the URL-Filter-Blade, in the following configuration:

- SMS R80.10, latest Hotfix

- FW-GW: VSX-System, R80.10, latest Hotfix

- URL-Filter-Blade in non-transparent-mode (Clients have configured the FW as explicit proxy)

- NO HTTPS-Interception is configured

- cat. HTTPS-Sizes is enabled

Regarding this, I have some questions:

- Is it correct, that the FW does not use the CN for the cat. of HTTPS-Sites, when I use the FW as a explicit proxy?

- In this configuration, is it true, that the block-page for not allowed HTTPS-Sites will not be opened by the client's browser (same as in transparent-mode)? So there is no other way, to use HTTPS-Interception, irrespective which proxy-mode i use, that the clients can open/see the block-page?

- What would you guys suggest, should I use the FW as a transparent URL-Filter or do I have less problems, if I am using the FW as explicit proxy (maybe in combination with HTTPS-Interception)? Performance should not be a problem, because we have a 23500er VSX-Cluster with about 65 GB of RAM and we are talking about 250 Users/Clients.

Best regards

Martin

1 Reply
Chris_Atkinson
Employee
Employee
‎2019-01-11 03:53 AM

Hi Martin,

I would investigate / test the UserCheck client (agent) for your scenario and for best performance avoiding explicit proxy is recommended.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events