Prabulingam_N1
Advisor

SFTP traffic Inspection via VPN Tunnel

Hello CheckMates,

I have the below doubt about an implementation; can anyone share some ideas on how to achieve it?

1) I have a CheckPoint ClusterHA deployed, and a VPN tunnel is running towards a peer 3rd-party FW.

2) Enabled the FW, VPN, IPS, APP/URL, AV and AB blades in CheckPoint.

3) Behind the CheckPoint cluster, we have an SFTP server in the VPN domain.

4) Behind the peer 3rd-party FW, we have a client machine that will access our SFTP server via the VPN tunnel and upload files.

How can I inspect this SFTP traffic in CheckPoint?

For example, if I'm uploading a malware file onto our SFTP server via the VPN tunnel from the 3rd-party client domain, will the CheckPoint FW be able to inspect this (with either IPS or AV)?

As per the FW chain modules, decryption happens at the external interface of the CheckPoint, and then the packet is moved to modules like IPS/AV in the FW kernel. Then the packet reaches the internal SFTP server.

I cannot use an HTTPS Inspection policy, as this is not the HTTP/S protocol.

In which way can I inspect this traffic, which passes via the tunnel, reaches the CheckPoint and then goes to the SFTP server?

Note: Under Threat Profile, under the AV settings, we see "Protocol-HTTP, FTP, SMTP". Will enabling FTP work?

Also, IPS can only check a few of the SFTP/FTP protocols, based on signatures only.

Regards, Prabu

0 Kudos
22 Replies