- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hello!
I have a question regarding the URL-Filter-Blade, in the following configuration:
- SMS R80.10, latest Hotfix
- FW-GW: VSX-System, R80.10, latest Hotfix
- URL-Filter-Blade in non-transparent-mode (Clients have configured the FW as explicit proxy)
- NO HTTPS-Interception is configured
- cat. HTTPS-Sizes is enabled
Regarding this, I have some questions:
- Is it correct, that the FW does not use the CN for the cat. of HTTPS-Sites, when I use the FW as a explicit proxy?
- In this configuration, is it true, that the block-page for not allowed HTTPS-Sites will not be opened by the client's browser (same as in transparent-mode)? So there is no other way, to use HTTPS-Interception, irrespective which proxy-mode i use, that the clients can open/see the block-page?
- What would you guys suggest, should I use the FW as a transparent URL-Filter or do I have less problems, if I am using the FW as explicit proxy (maybe in combination with HTTPS-Interception)? Performance should not be a problem, because we have a 23500er VSX-Cluster with about 65 GB of RAM and we are talking about 250 Users/Clients.
Best regards
Martin
Hi Martin,
I would investigate / test the UserCheck client (agent) for your scenario and for best performance avoiding explicit proxy is recommended.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY