Antivirus blade pros and cons.
Hi All,
I want to enable the Antivirus blade in R80.10. My firewall (5400) is in a production environment. My firewall's max connections is 79797. VPN, Application Control, IPS and Anti-Bot blades are already enabled. I just want to know what the pros and cons will be if I enable the Antivirus blade.
Please help me.
Vivek Kumar
The pro is: it will catch more potentially bad things.
Hi,
Thank you for your response.
When we enable the Antivirus blade, it will monitor SMTP and HTTP traffic by default. If we want to inspect HTTPS and SSL traffic, we need to enable HTTPS Inspection and the Threat Emulation blade. Am I correct?
Is there any impact on my firewall's performance or latency in traffic?
Vivek Kumar
If you want to inspect SSL traffic then you will need to perform outbound or inbound SSL Inspection. Keep in mind that there is increased resource usage when inspecting SSL traffic, so I strongly suggest you go with a gradual inspection approach. In other words: inspect by segments and see how it impacts your GW.
When using SSL Inspection be sure to run R80.20 or R80.30. R80.30 works best but has fewer kernel flags that allow you to bypass certain things. You may want to look at this post that I made where I give advice about SSL Inspection: https://community.checkpoint.com/t5/General-Topics/Outbound-SSL-Inspection-A-war-story/m-p/58647
Finally, be sure to check the SSL best practices in sk108202.
Threat Emulation is another blade that doesn't have to do with SSL Inspection or Antivirus. Its main purpose is to emulate files downloaded from emails and HTTP/HTTPS; at the moment it is the most efficient solution to detect zero-days. You will need NGTX licensing to run it.
Regards,
https://www.linkedin.com/in/federicomeiners/
- Tags:
- ssl inspection
