This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dianammar
Explorer
‎2022-10-18 01:03 PM
Jump to solution

Gateway as HTTP/HTTPS proxy

If the firewall is configured as HTTP/HTTPS proxy, and user is using for example SSH over HTTP, does the firewall proxy this traffic?

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-18 01:14 PM
Jump to solution

While we support being configured as an (explicit) HTTP/HTTPS proxy, it's not a configuration we generally recommend.
Performance characteristics of proxy mode are substantially different and recommend you work with your Check Point SE to ensure your gateways are appropriately sized for such a configuration.

To answer your specific question, it entirely depends on how the SSH traffic is being tunneled as to whether it will be detected or not.
It also depends on whether you've enabled IPS and have the SSH over Non-Standard Port signature enabled (how such behavior is typically detected).

View solution in original post

0 Kudos
rrbranco
Collaborator
Collaborator
‎2022-10-20 09:22 AM
Jump to solution

On your case, would it be possible to consider using SSH DPI ?   

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...


View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2022-10-18 01:14 PM
Jump to solution

While we support being configured as an (explicit) HTTP/HTTPS proxy, it's not a configuration we generally recommend.
Performance characteristics of proxy mode are substantially different and recommend you work with your Check Point SE to ensure your gateways are appropriately sized for such a configuration.

To answer your specific question, it entirely depends on how the SSH traffic is being tunneled as to whether it will be detected or not.
It also depends on whether you've enabled IPS and have the SSH over Non-Standard Port signature enabled (how such behavior is typically detected).

0 Kudos
dianammar
Explorer
‎2022-10-18 01:25 PM
In response to PhoneBoy
Jump to solution

So in general, can we limit any other protocols so they don't be passed by the proxy if they run over HTTP or HTTPS?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-18 03:29 PM
In response to dianammar
Jump to solution

First of all, an HTTP proxy won't work if the HTTP that comes across it is not well formed.
Beyond that, yes, you can do further limiting with App Control and/or IPS.
You will probably also need HTTPS Inspection enabled as well. 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-10-18 06:08 PM
In response to dianammar
Jump to solution

Yes, note protocol signatures may also be something to explore here e.g.

proto sig.png

CCSM R77/R80/ELITE
0 Kudos
rrbranco
Collaborator
Collaborator
‎2022-10-20 09:22 AM
Jump to solution

On your case, would it be possible to consider using SSH DPI ?   

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...


0 Kudos
dianammar
Explorer
‎2022-10-24 08:34 AM
In response to rrbranco
Jump to solution

Thanks everyone. We might consider SSH DPI for SSH traffic as well as inforcing policies with App control

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events