As a basic example some of these blades have protection elements based on either DNS or IP reputation (examples) which don't necessarily require the full decryption of HTTPS traffic, others may also leverage SNI analysis.

Prevention rates are obviously improved for HTTPS traffic scenarios with TLS inspection, this process has performance overheads by comparison however so gateway sizing is important.

Depending upon the role of the gateway enabling HTTPS inspection is recommended for best security, note QUIC inspection is also supported with R82.

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

Certainly! Let's explore how the IPS, Anti-Bot, and Anti-Virus blades function with and without HTTPS Inspection in the two scenarios you mentioned:

Scenario 1: HTTPS Inspection Disabled, IPS, Anti-Bot, and Anti-Virus Enabled

• Functionality: Without HTTPS Inspection, the Check Point Security Gateway cannot decrypt HTTPS traffic. This means that the IPS, Anti-Bot, and Anti-Virus blades can only inspect the unencrypted parts of the traffic, such as the initial handshake and metadata. They cannot inspect the actual content of the HTTPS traffic.
• Impact on Detection: The detection capabilities are limited because the blades cannot see the encrypted payload. Malicious files or activities hidden within HTTPS traffic may not be detected.
• Performance: Since the traffic is not decrypted, there is less processing overhead, resulting in better performance.

Scenario 2: HTTPS Inspection Enabled, IPS, Anti-Bot, and Anti-Virus Enabled

• Functionality: With HTTPS Inspection enabled, the Security Gateway can decrypt HTTPS traffic, allowing the IPS, Anti-Bot, and Anti-Virus blades to inspect the full content of the traffic. This enables comprehensive threat detection and prevention.
• Impact on Detection: The detection capabilities are significantly enhanced as the blades can analyze the entire content of the traffic, including any malicious files or activities that were previously hidden.
• Performance: Enabling HTTPS Inspection introduces additional load on the Security Gateway's CPU and RAM due to the decryption and re-encryption processes. However, Check Point's R82 release offers improved performance and simplified deployment for HTTPS Inspection, ensuring minimal impact on user experience.

For optimal security, it is recommended to enable HTTPS Inspection to fully leverage the capabilities of the IPS, Anti-Bot, and Anti-Virus blades. You can find more details on HTTPS Inspection best practices in the Check Point documentation.

If you have any further questions or need assistance with configuration, feel free to ask!

Here is the most logical explanation I can give you. By the way, super VALID question. So say you have all those blades enabled, but no ssl inspection. Yes, it will do its job, but you will miss out, because without ssl inspection, all you will really be able to tell if that say someone went to facebook, but you have no idea what they did while there.

With ssl inspection, you can get all of that data.

HTTPS Inspection means GW is terminating TLS connections, decrypts them on a client side and re-encrypt to the server. This allows inspecting the data flow, applications behaviour, and content sent through TLS tunnel with multiple blades: IPS, AVI, AB, etc.

Plus, considering that probably 99% of websites nowdays are https (just my educated guess), it only makes sense to have https inspection enabled. Also, with R81.20 version, I find it works very well, no issues.

Hope that helps.

Andy