This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Laxi_D
Contributor
‎2018-05-09 10:52 PM

HTTPS inspection in Proxy environment

We have proxy server which is processing all https and http traffic. is there any best practise to enable https inspection on edge checkpoint gateway

5 Replies
PhoneBoy
Admin
Admin
‎2018-05-10 01:01 PM

You would treat the proxy server just as a client, which means configuring it to trust the CA certificate Check Point uses for HTTPS Inspection.

Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2018-05-16 12:55 AM

There is a potential pitfall there. From the perspective of the firewall it's 1 client doing a lot of HTTP and HTTPS sessions. That might get you into trouble where you overload 1 worker and get poor responses.

I strongly suggest you enable Dynamic dispatching as detaild in sk105261 : CoreXL Dynamic Dispatcher in R77.30 / R80.10 and above as it will ruin your day if you start doing HTTPS inspection without it and your gateway gets hit by all that proxy traffic.

Also if you do HTTPS inspection on the proxy .... You might not want to do it again on the gateway. It will ruin your response times as you may notice as people find that webpages load slower.

As with anything in live: Just give it some though before you start implementing it. There is definitely more to it then meets the eye.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Laxi_D
Contributor
‎2018-05-16 10:46 AM

Main reason for activating https inspection on firewall is Sand Blast Appliance. Without https inspection threat emulation is in vain, right?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-16 09:36 PM
In response to Laxi_D

You're going to miss a bunch of potential threats without HTTPS Inspection, yes.

Albert_Wilkes
Collaborator
‎2018-06-25 04:55 AM
In response to PhoneBoy

Consider having your proxy in a DMZ so the CP sees the proxied ("CONNECT" ) request rather than an encrypted tunnel only as it will have an impact on whether the CP will be able to learn the actual hostname or just the certificate information. This is particularly important for correctly logging or bypassing sites that are hosted on a site like cloudflare where the logging and bypassing information would otherwise only show cloudflare rather than the actual website. See my research here https://community.checkpoint.com/thread/7621-https-inspection-real-life-examples-and-caveats-in-r773...  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events