Tobias_C
Participant

IPS Core Protections and HTTPS Inspection

Hi all,
I've been reading up on a few great posts by @HeikoAnkenbrand about "R80.x Security Gateway Architecture". One thing I didn't quite catch though, is if "IPS Core Protections" is usable with "HTTPS Inspection". More specifically, I'm having the four "HTTP ..."-protections in mind.

My guess is, it isn't.

I did a quick test.
I set up a server with both http- and https-sites.
Configured the host object as a Web Server and added port 443 to the Web Server configuration.
Configured inbound HTTPS Inspection to the https-site.
Everything works as expected.

To test if the Core Protections work with HTTPS Inspection, I then added a header and a value to "HTTP Header Patterns" and then used curl to access the sites, adding the specific header and value. Accessing the http-site resulted in a Prevent-event in the log as expected. However... when accessing the https-site the request wasn't prevented and only inspection-events are posted in the log.

If that's correct, can anyone explain why, or direct me to a good source that explains this? OR is it because "HTTPS Inspection" only supports the following blades: Application Control, URL Filtering, IPS, Anti-Virus, Anti-Bot, Threat Emulation, Data Loss Prevention (DLP) and the "Core Protections" is handled by the Firewall-blade?

Thanks

Tobias
