This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
T-pix
Explorer
‎2023-07-27 01:09 AM
Jump to solution

Log outbound HTTP requests with HTTPS inspection

Hello experts.


We are investigating unusual outbound traffic on one of our customers with CP Gateways R80.30 Build 215 (Take 227).
We established HTTPS inspection of outbound traffic. Configured Access rules and HTTPSi policy for inspection of specific set of hosts source and destinations.

In logs we can observe usual staff for L4 like src IP, src User (from Identity Awareness), dst IP, dst FQDN (resource from HTTPi), etc.

Now we need to understand what kind of queries and HTTP requests (GET/POST) were sent in those sessions.

Dear community members,
could you please tell me how to log/monitor L7 queries with Check Point (like on WAF/LB for Web Inspection)?
Before asking I’ve searched for this topic on the Check Mates and didn’t find anything suitable. Is it possible after all to do it with CP Gateway?

Thank you in advance.

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2023-07-27 01:12 AM
Jump to solution

1. R80.30 is out of support for a while now.

2. Try the "Extended log" option for your needs.

View solution in original post

0 Kudos
2 Replies
_Val_
Admin
Admin
‎2023-07-27 01:12 AM
Jump to solution

1. R80.30 is out of support for a while now.

2. Try the "Extended log" option for your needs.

0 Kudos
T-pix
Explorer
‎2023-07-27 03:59 AM
In response to _Val_
Jump to solution

Oh yes. Extended logging for specific Access rule does the thing. Thank you very much.

And yes, we are planning to upgrade to R81.10.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events