Hi @pedkha1,
R80.30/R80.20 with enabled HTTPS interception:
If the https interseption is enabled, the parameter host from http can be used for the url because the traffic is analyzed by active streaming. Check Point Active Streaming (CPAS) allow the changing of data, we play the role of “man in the middle”. CPAS breaks the connection into two parts using our own stack – this mean, we are responsible for all the stack work (dealing with options, retransmissions, timers etc.). An application is register to CPAS when a connection start and supply callbacks for event handler and read handler. Several protocols uses CPAS, for example: HTTPS, VoIP (SIP, Skinny/SCCP, H.323, etc.), Security Servers processes, etc. CPAS breaks the HTTPS connection into two parts using our own stack – this mean, we are responsible for all the stack work (dealing with options, retransmissions, timers etc.)
More read here: R80.x Security Gateway Architecture (Content Inspection)
R80.30/R80.20 without enabled HTTPS interception:
If the https interseption is disabled, SNI is used to recognize the virtual URL for application control and url filtering.
More read here: URL Filtering using SNI for HTTPS websites.pdf
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips