This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CredID
Participant
‎2018-10-22 01:40 AM

HTTPS inpsection: How block file type correctly

Scenario:

Threat prevention policy is set to drop exe file type.

Https inspection rules are set in order to bypass several categories for blades Application Control e URL Filtering

Problem:

We arrange the HTTPS policy so that first it match the bypass rule than it inspect all the remaining traffic.

The problem is that if the user match a site that is included in the categories that are bypassed and try to download an .exe file the checkpoint detect it (in the smartlog) but do not block it.

How should we configure the https policy in order to block .exe files for all traffic and bypass the inspection for Application Control and URL filtering for some categories?

Attached the screenshot of our https inspection rules

2 Replies
Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2018-10-22 05:38 AM

Hi Lorenzo,

can you repost the screenshot ?

In general if a file is downloaded via HTTPS you are not able to block it if HTTPS is bypassed.

Not sure how you would detect an EXE file within a HTTPS download without HTTPS inspection.

Regards Thomas 

0 Kudos
Ryan_St__Germai
Advisor
‎2018-10-22 05:41 AM

If the traffic is encrypted over HTTPS then you must have HTTPS inspection "inspect" the traffic. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top