This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
Advisor
‎2024-05-13 04:35 AM

HTTPS inbound

Hi

Does HTTPS inbound inspection requires a certificate from a well-known and trusted Certificate Authorities (CAs) that issue SSL/TLS certificates like
DigiCert
Comodo
GlobalSign
GoDaddy

to be able to inspect inbound traffic without the TLS warning on browsers?

 

 

While outbound HTTPS inspection can be a valuable security tool, it has limitations when it comes to detecting malware on external websites. This inspection focuses on the traffic initiated by the client (your device) and cannot directly analyze the content of the response data sent back by the website.

Is the above text 100% right

 

 

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee
‎2024-05-13 05:29 AM

Outbound inspection is for protecting LAN users accessing external websites on the Internet.

Inbound inspection is guarding against attacks targeting your web servers in the DMZ for example.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

CCSM R77/R80/ELITE
0 Kudos
Moudar
Advisor
‎2024-05-13 05:43 AM
In response to Chris_Atkinson

so if an internal client is opening a milicious website, outbound inspection will detect the answer from that server and block it?

Does HTTPS inbound inspection requires a certificate from a well-known and trusted Certificate Authorities (CAs) that issue SSL/TLS certificates like
DigiCert
Comodo
GlobalSign
GoDaddy

to be able to inspect inbound traffic without the TLS warning on browsers?

0 Kudos
emmap
Employee
Employee
‎2024-05-13 11:23 PM
In response to Moudar

Please don't confuse 'Inbound' with 'reply' traffic. Anything referring to 'Inbound' is referring to connections established from outside your network, connecting in to a server you are hosting, for example you might be hosting a web server that people are connecting in to. In this case you'd need a publicly trusted server certificate. 

'Outbound' is any connection opened from within your network out to the internet, and covers all the packets related to that connection. So a user downloading a file from the internet is an 'outbound' connection, because the user established the connection to the web server. This connection and the download of the file would be covered by the Outbound HTTPS Inspection configuration, and the CA certificate used for this. Only the user on your network needs to trust this CA cert, the external server is not doing any validation of the CA cert as it does not see it at all. It simply presents its server cert (ideally provided by a publicly trusted CA) to the world and it's up to the user PC to trust that cert. 

the_rock
Legend
Legend
‎2024-05-14 04:12 AM
In response to emmap

Excellent explanation.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-13 09:42 AM

Depends on the site you are doing Inbound HTTPS Inspection on.
If that site should use a certificate that has been signed by a publicly trusted CA, so should the certificate you use in the Inbound HTTPS Inspection configuration.
Generally, the same cert is used for both.

0 Kudos
the_rock
Legend
Legend
‎2024-05-13 10:04 AM

I have real good doc for this, but it was made specifically by esc. guy for a customer, so cant share it sadly, but answers you got are logical.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events