Https Inspection Internet Object

bob111

Hey guys,
In the https inspection policy there is an object called internet, I can guess from the name what it means but what is it actually? Is it like any? Also I saw somewhere that said that using the internet object determines weather the traffic is considered inbound or outbound which sounds weird, is that true?

bob111

Also, is there a difference between the inbound and outbound, or does it just depend on the certificate you should put in the certificate column of a certain rule

AkosBakos

Hi @bob111

The Internet object in the Application Control & URL Filtering policy actually only applies to traffic that's leaving an interface marked as external.

https://community.checkpoint.com/t5/Management/quot-Internet-quot-object-Internet/m-p/21030#M16513

bob111

Thanks! Do you know when traffic is considered outbound or inbound in https inspection? Is it just according to the certificate you put in a rule?

AkosBakos

Hi,

I don’t think that the cert influances the direction of the traffic.

AkosBakos

Hi @bob111

And the official SK: https://support.checkpoint.com/results/sk/sk64543

"Internet" means "include all traffic from Internal directed to External or DMZ according to gateway topology".

the_rock

Internet object strictly means ONLY external ip addresses. Unlike any, which means both internal/external.

Personally, I use Internet object for urlf ordered layer, though can be used in any layer where urlf blade is enabled in policy layer settings.

Makes sense?

Andy

Are you a member of CheckMates?

Https Inspection Internet Object