This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nas_sheikh
Explorer
‎2018-12-12 08:41 AM

unable to monitor vpn traffic

I have a pc in my environment which uses a vpn to connect to a client site, my question is there a way to monitor traffic via checkpoint when the machine is connected  to the vpn, because i can only see in the logs when the connection is made to the vpn and the ip but after the connection is successful with the vpn i cant see any traffic going through even though user confirms that he is sending data. 

Thanks 

4 Replies
JozkoMrkvicka
Authority
Authority
‎2018-12-12 10:49 AM

Are you using Office Mode or IP Pool NAT? Every user is getting unique IP from the pool and you need to search for this IP in the logs.

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion
‎2018-12-12 11:13 AM

Hmm... that the point of the VPN.

If a user on your premises establishes a VPN from his PC to a remote site, the tunnel is between his PC and the security device at the remote site.

You should not be able to see what is in that tunnel, as it defeats the whole point of securing it.

If, instead, you setup a VPN between your firewall and the remote site and allow your user access to the remote resources, you should be able to monitor the content of the traffic before it is encrypted by the Check Point.

0 Kudos
nas_sheikh
Explorer
‎2018-12-12 11:32 AM
In response to Vladimir

thanks for your reply i totally agree with you as user establishes a VPN from his PC to a remote site so the traffic is all encrypted but do you think i can install the certificates on the checkpoint and then its possible? 

Thanks 

0 Kudos
Vladimir
Champion
Champion
‎2018-12-12 02:36 PM
In response to nas_sheikh

You likely mean installing Check Point certificate on the client for HTTPS inspection, as there is no point in installing certificate on Check Point to achieve what you are trying to.

That's assuming that it is an SSL VPN and that no other controls are present in the application or on the server site to detect MITM SSL.

If it is a well designed solution, than my money is on this not being an option.

If it is an IPSEC vpn with client installed on the PC, it is a definite no go, short of running packet capture on the client itself.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events