This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michael_Kovac
Explorer
‎2019-08-26 07:47 AM

Multiple Gateways with different outbound certificate for https inspection

Hey! 

One of our customers has multiple clusters for his branch offices. In every branch, he want to use Application Control, URL Filtering and https inspection. His idea is to generate for every cluster it´s own https inspection outbound certificate. Is it possible to realize it? 

 

Cheers

Michael 

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-08-27 02:27 AM

According to sk65123: HTTPSInspectionFAQ yes.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Michael_Kovac
Explorer
‎2019-08-27 02:42 AM
In response to G_W_Albrecht

ok. I can not find the solution.... where is it described? 

  1. Which software blades support HTTPS Inspection?
  2. Which operating systems support HTTPS Inspection?
  3. Does HTTPS Inspection require a license? Is it a software blade?
  4. Are there legal implications to enabling HTTPS Inspection in my organization?
  5. Has Check Point cracked HTTPS? Could an attacker do this?
  6. Why do I get certificate warnings in the browser after turning on HTTPS Inspection?
  7. How can I make PCs trust the gateway's CA certificate?
  8. Does HTTPS Inspection use the Security Management server's Internal CA to issue certificates?
  9. Is there a performance impact when enabling HTTPS Inspection on the gateway?
  10. Why are Extended Validation (EV) certificates displayed as regular certificates in the browser?
  11. How are the CAs in the list of Trusted CAs chosen? Is the list updated?
  12. Does HTTPS Inspection check for CRLs? What about OCSP?
  13. Does HTTPS Inspection work on protocols other than HTTPs?
  14. Can I replace the gateway's CA with a different CA?
  15. Is it possible to perform selective inspection - just on specific sites, categories or users?
  16. Why do I sometimes get the gateway CA even for sites that are not configured to be decrypted?
  17. What information from the encrypted traffic is logged?
  18. I read in the news that someone conned the "xyz" CA to give them certificates for the "abc" web site...
  19. Which SSL/TLS versions are supported by HTTPS Inspection?
  20. Why isn't SSLv2 supported?
  21. Which ciphers are supported by SSL inspection?
  22. On which platforms/appliances is HTTPS Inspection supported?
  23. Does HTTPS Inspection support 3rd party wildcard certificates (like *.mycompany.com)?
  24. Why after enabling HTTPS Inspection some resources that use HTTPS protocol fail to connect?
  25. Is Client Certificate authentication supported by HTTPS Inspection?
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-08-27 02:48 AM
In response to Michael_Kovac

8+14.

as well as

Threat Prevention Administration Guide R80.30 p.147f

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin
‎2022-09-28 03:01 AM
In response to G_W_Albrecht

Actually, no. See my reply

 

0 Kudos
_Val_
Admin
Admin
‎2022-09-28 03:00 AM

If the question is: "Can I use different outbound certificates" for multiple security GWs under the same management, the answer is no. You can use one CA certificate per Security domain for the outbound TLS inspection. All GWs managed by the same SMS will share it.

If you want to use different certs, you need those GWs to be managed by different security domains. This is possible either with multiple SMSs or with MDM solution.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top