This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
avi3383
Participant
‎2021-04-22 08:59 AM
Jump to solution

Https inspection query on Cloudguard IaaS

Hi,

We have deployed autoscale security gateway on AWS cloud only for Northbound traffic to protect web application hosted in AWS customer account.

All application are publicly published and can be access from Internet.

Below is the traffic flow:

User access web application from internet--->traffic came to route53 and resolved in load balancer Ip adddress--->>when external load received the traffic and do the Ssl termination and sent the traffic to target group---->>Target Group is Cloudguard IaaS firewall----->Internal LB--->application hosted server.

My query is here that when External load balancer doing the ssl termination and sent the decrypted to Cloudguard IaaS.

Is it require to do https inspection on Cloudguard IaaS for received decrypted traffic from external LB?

If I am not doing https inspection because received traffic from external LB is already decrypted. Will my enabled blade on firewall do inspect of these traffic.

Please guide me to do correct deployment

 

 

 

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-04-25 11:51 PM
In response to avi3383
Jump to solution

If it were straight HTTP, the service would say...HTTP.
There are a lot of things in those logs that say TLS, which is most likely encrypted.
There are things that say TCP also, which is probably not encrypted.
To confirm what it is, you'd probably have to run a tcpdump to see what the actual traffic looks like.

Note that HTTPS Inspection is generally only done with HTTPS traffic on one of the standard ports.
It doesn't work with TLS traffic in general.

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-04-25 09:33 PM
Jump to solution

If the gateway is seeing only unencrypted traffic, then you don't need to run HTTPS Inspection at all.

0 Kudos
avi3383
Participant
‎2021-04-25 10:19 PM
In response to PhoneBoy
Jump to solution

Thanks for your response.

is there any way to identify unencrypted traffic logs? Please guide.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-25 10:44 PM
In response to avi3383
Jump to solution

The traffic will be HTTP traffic if it's coming from the load balancer. 
Whatever blades you have activated with appropriate policies will apply to the traffic.
This should be clearly visible in the Logs and Monitoring (or SmartView).

0 Kudos
avi3383
Participant
‎2021-04-25 11:43 PM
In response to PhoneBoy
Jump to solution

Can you confirm below logs are http logs...these are coming from LB and Https termination are enabled on LB.

 

Preview file
273 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-25 11:51 PM
In response to avi3383
Jump to solution

If it were straight HTTP, the service would say...HTTP.
There are a lot of things in those logs that say TLS, which is most likely encrypted.
There are things that say TCP also, which is probably not encrypted.
To confirm what it is, you'd probably have to run a tcpdump to see what the actual traffic looks like.

Note that HTTPS Inspection is generally only done with HTTPS traffic on one of the standard ports.
It doesn't work with TLS traffic in general.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events