Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
GomesLucas
Explorer

Blade HTTPS Inspection Behavior

We have doubts about the behavior of the Blade HTTPS Inspection when there are no rules explicitly created: what happens in the communication? We do not have rules, we understand that the communication will not be inspected, therefore it would be a behavior identical to a bypass.

0 Kudos
6 Replies
Chris_Atkinson
Employee
Employee

sk108202 describes the simplified inspection flow.

How is the "fail" mode for the blade configured and what is your objective with having the blade enabled without rules?

@Timothy_Hall has previously posted in detail about the SSL inspection rule order here in case it's helpful for you:

https://community.checkpoint.com/t5/Management/HTTPS-Inspection-Setup/m-p/127750/highlight/true#M278...  

0 Kudos
GomesLucas
Explorer

The objective is to understand if there will be bypass or inspect, because even without a rule, it is preventing.

0 Kudos
_Val_
Admin
Admin

Correct, without explicit rules, the implied rule is INSPECT

0 Kudos
PhoneBoy
Admin
Admin

With no rules in the HTTPS Inspection policy, traffic may get pulled out of fastpath that shouldn't be.
That can cause a performance issue.
There should always be an "any any any bypass" at the end of the HTTPS Inspection policy.

0 Kudos
Timothy_Hall
Champion
Champion

"any any any bypass" rule at the end of the HTTPS Inspection Policy makes sense, but in all the CheckMates presentations the final rule is always "any any 'HTTPS Default Services' bypass".  Which is it supposed to be?

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
_Val_
Admin
Admin

As shown 🙂 Using ANY service there is a bad idea

0 Kudos