This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vivekk1
Participant
‎2019-09-19 04:53 PM

Antivirus blade prose and cons.

Hi All,

I want to enable Antivirus blade in R80.10. My firewall (5400) is in production environment. My firewall max connection is 79797. Already VPN, Application control, IPS and Antibot blade enabled. Just want to know what will be prose and cons if I enabled Antivirus blade. 

Please help me.

Regards,
Vivek Kumar
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-09-20 12:29 PM

As you've already enabled IPS and Anti-Bot, there should not be a significant performance impact enabling Anti-Virus.
The pro is: it will catch more potentially bad things.
vivekk1
Participant
‎2019-09-20 02:46 PM
In response to PhoneBoy

Hi, 

Thank you for your response.

 When we enable Antivirus blade so it will monitor SMTP and http traffic by default. If we want to inspect https and SSL traffic, we need to enable HTTPS inspection and threat emulation blade. Am I correct?

Is there any impact on my firewall performance or latency in traffic?

Regards,
Vivek Kumar
0 Kudos
FedericoMeiners
Advisor
‎2019-09-21 08:24 AM
In response to vivekk1

If you want to inspect SSL traffic then you will need to perform outbound or inbound SSL Inspection, keep in mind that there is an increased resource usage when inspectin SSL traffic, I strongly suggest you to go with a gradual inspection approach. In other words: Inspect by segments and see how it impacts your GW.

When using SSL Inspection be sure to run R80.20 or R80.30, R80.30 works best but has less kernel flags that allow you to bypass certain things. You may want to look at this post that I made were I give advices about SSL Inspection: https://community.checkpoint.com/t5/General-Topics/Outbound-SSL-Inspection-A-war-story/m-p/58647

Finally be sure to check SSL Best practices in sk108202

Threat emulation is another blade that doesn't have to do with SSL Inspection or Antivirus, main purpose is to emulate files downloaded from emails and http/https, at the moment is the most eficient solution to detect zero days. You will need NGTX licensing to run it.

Regards,

 

____________
https://www.linkedin.com/in/federicomeiners/

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top