This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martin_Hofbauer
Contributor
Contributor
‎2022-11-27 07:51 AM

HTTPS Inspection - Limiting Traffic to prevent Remote access protocols

Hi all,

My question is similar to "https://community.checkpoint.com/t5/Security-Gateways/Gateway-as-HTTP-HTTPS-proxy/m-p/159888#M28128"

We want to setup an Internet facing Cluster to replace a non-transparent (HTTP/HTTPS) Proxy . We do NOT want to use the "non-transparent Proxy feature ( for many reasons, also mentioned in the other post) ! Should be a transparent forcing gateway/cluster.

Currently we do not have any  possibility for a setup to test this requirement.

One of these rules there at the current proxy is that e.g. MS RDP or Citrix protocol (or another remote access protocol, also SSH) are recognized (if tunneling via HTTPS) and thus these types of connections were rejected.

We want to implement a rulebase to do the same at the CheckPoint R81.10 cluster.

What is required to do this?

It's obvious that HTTPS inspection needs to be turned on.

a) Do we have to enable "protocol signature" for HTTPS  and/or HTTP as a prerequisite ?

b) Could one approach be to use applications like "Microsoft Remote Desktop Connection","Citrix" or "SSH"  before any other HTTPS/HTTP allow rule to recognize and drop these applications ? Or is another step required: e.g. "drop non-Compliant HTTP" ?

Appreciate any suggestions or ideas!

Thanks
Martin

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2022-11-28 12:15 AM

Why are you posting to the AppSec category? This seems to be HTTPSi question for regular security GWs.

0 Kudos
Martin_Hofbauer
Contributor
Contributor
‎2022-11-29 02:04 AM
In response to _Val_

Because this is a "Application Security" (...) question ... - as I (unfortunately incorrectly) assumed that this is the category for GW application security
 I never worked with "AppSec"   -  this name is another example of a limited talent of your company choosing meaningfull names for products (look at the history of endless number for  names for a VPN client ...)

Thanks for moving to the right category- still waiting for an answer ....

0 Kudos
Alex-
Leader Leader
Leader
‎2022-11-29 02:41 AM
In response to Martin_Hofbauer

Solved: Re: Enable Protocol Signature by default - Check Point CheckMates

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events