Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martin_Hofbauer
Contributor

HTTPS Inspection - Limiting Traffic to prevent Remote access protocols

Hi all,

My question is similar to "https://community.checkpoint.com/t5/Security-Gateways/Gateway-as-HTTP-HTTPS-proxy/m-p/159888#M28128"

We want to setup an Internet facing Cluster to replace a non-transparent (HTTP/HTTPS) Proxy . We do NOT want to use the "non-transparent Proxy feature ( for many reasons, also mentioned in the other post) ! Should be a transparent forcing gateway/cluster.

Currently we do not have any  possibility for a setup to test this requirement.

One of these rules there at the current proxy is that e.g. MS RDP or Citrix protocol (or another remote access protocol, also SSH) are recognized (if tunneling via HTTPS) and thus these types of connections were rejected.

We want to implement a rulebase to do the same at the CheckPoint R81.10 cluster.

What is required to do this?

It's obvious that HTTPS inspection needs to be turned on.

a) Do we have to enable "protocol signature" for HTTPS  and/or HTTP as a prerequisite ?

b) Could one approach be to use applications like "Microsoft Remote Desktop Connection","Citrix" or "SSH"  before any other HTTPS/HTTP allow rule to recognize and drop these applications ? Or is another step required: e.g. "drop non-Compliant HTTP" ?

Appreciate any suggestions or ideas!

Thanks
Martin

0 Kudos
3 Replies
_Val_
Admin
Admin

Why are you posting to the AppSec category? This seems to be HTTPSi question for regular security GWs.

0 Kudos
Martin_Hofbauer
Contributor

Because this is a "Application Security" (...) question ... - as I (unfortunately incorrectly) assumed that this is the category for GW application security
 I never worked with "AppSec"   -  this name is another example of a limited talent of your company choosing meaningfull names for products (look at the history of endless number for  names for a VPN client ...)

Thanks for moving to the right category- still waiting for an answer ....

0 Kudos
Alex-
Advisor

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events