keydee
Participant

HTTPS Inspection of Traffic Flow - HTTPS, FIREWALL AND IPS

We have enabled HTTPS inspection covering IPS, IDS, antibot and antivirus. What should appear first on the traffic rule in the firewall? Because I normally see HTTPS inspection, then firewall, then IDS. Could you kindly provide an idea on how to carefully analyze these? Which blade should appear first on the traffic? That's my concern.

2 Replies
PhoneBoy
Admin

In general you can expect Access Control logs (firewall, VPN, App Control, URL Filtering) to come up before Threat Prevention logs.
HTTPS Inspection may be required before either Access Control or Threat Prevention makes sense, so these logs may appear before the others.
There are circumstances where it might vary from this slightly.
If you have a specific concern, a concrete example from your logs would be helpful.
HeikoAnkenbrand
Champion

 

[Image: Policy Matchimg.JPG]
Picture is from Slides in article: HTTPS Inspection Best Practices TechTalk: Video, Slides, and Q&A

PS: Log entries should appear in a similar order.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips