Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jon_Crotteau
Participant

HTTPS Inspection

When having an HTTPS inspection rule and the Check Point firewall re-encrypts the connection to the destination, is there a version that can support re-encrypting as TLS1.1 for some destinations and TLS1.2 for others, etc.? Or, is every Check Point firewall version going to do the same TLS version for all re-encrypted connections on to all destinations? 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

It should mimic what the client does.
Note if you configure a minimum version (global setting), that version will be enforced by HTTPS Inspection. 

0 Kudos
Jon_Crotteau
Participant

Are you saying that if globally I have it at TLS1.1 and the client initiates at TLS1.2 that the gateway will use TLS1.2 to the server no matter what gateway version I have (lets just say anything R77 and up). 

0 Kudos
PhoneBoy
Admin
Admin

Assuming the gateway version supports the relevant ciphers and TLS version, yes, that's my understanding.
That said, if you're doing HTTPS Inspection, it is highly recommended you are on the most current release in order to leverage the latest ciphers.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events