Michael_Kovac
Explorer

Multiple Gateways with different outbound certificate for https inspection

Hey! 

One of our customers has multiple clusters for his branch offices. In every branch, he wants to use Application Control, URL Filtering and HTTPS Inspection. His idea is to generate for every cluster its own HTTPS Inspection outbound certificate. Is it possible to realize it?

 

Cheers

Michael 

0 Kudos
5 Replies
G_W_Albrecht
Legend

According to sk65123: HTTPS Inspection FAQ, yes.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Michael_Kovac
Explorer

OK. I cannot find the solution. Where is it described?

  1. Which software blades support HTTPS Inspection?
  2. Which operating systems support HTTPS Inspection?
  3. Does HTTPS Inspection require a license? Is it a software blade?
  4. Are there legal implications to enabling HTTPS Inspection in my organization?
  5. Has Check Point cracked HTTPS? Could an attacker do this?
  6. Why do I get certificate warnings in the browser after turning on HTTPS Inspection?
  7. How can I make PCs trust the gateway's CA certificate?
  8. Does HTTPS Inspection use the Security Management server's Internal CA to issue certificates?
  9. Is there a performance impact when enabling HTTPS Inspection on the gateway?
  10. Why are Extended Validation (EV) certificates displayed as regular certificates in the browser?
  11. How are the CAs in the list of Trusted CAs chosen? Is the list updated?
  12. Does HTTPS Inspection check for CRLs? What about OCSP?
  13. Does HTTPS Inspection work on protocols other than HTTPs?
  14. Can I replace the gateway's CA with a different CA?
  15. Is it possible to perform selective inspection - just on specific sites, categories or users?
  16. Why do I sometimes get the gateway CA even for sites that are not configured to be decrypted?
  17. What information from the encrypted traffic is logged?
  18. I read in the news that someone conned the "xyz" CA to give them certificates for the "abc" web site...
  19. Which SSL/TLS versions are supported by HTTPS Inspection?
  20. Why isn't SSLv2 supported?
  21. Which ciphers are supported by SSL inspection?
  22. On which platforms/appliances is HTTPS Inspection supported?
  23. Does HTTPS Inspection support 3rd party wildcard certificates (like *.mycompany.com)?
  24. Why after enabling HTTPS Inspection some resources that use HTTPS protocol fail to connect?
  25. Is Client Certificate authentication supported by HTTPS Inspection?
0 Kudos
G_W_Albrecht
Legend

8+14.

as well as

Threat Prevention Administration Guide R80.30 p.147f

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin

Actually, no. See my reply

 

0 Kudos
_Val_
Admin

If the question is: "Can I use different outbound certificates" for multiple security GWs under the same management, the answer is no. You can use one CA certificate per Security domain for the outbound TLS inspection. All GWs managed by the same SMS will share it.

If you want to use different certs, you need those GWs to be managed by different security domains. This is possible either with multiple SMSs or with an MDM solution.

0 Kudos
