This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
CheckMatesAI
Employee
Employee
‎2024-12-11 07:30 AM

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

Certainly! Let's explore how the IPS, Anti-Bot, and Anti-Virus blades function with and without HTTPS Inspection in the two scenarios you mentioned:

Scenario 1: HTTPS Inspection Disabled, IPS, Anti-Bot, and Anti-Virus Enabled

  • Functionality: Without HTTPS Inspection, the Check Point Security Gateway cannot decrypt HTTPS traffic. This means that the IPS, Anti-Bot, and Anti-Virus blades can only inspect the unencrypted parts of the traffic, such as the initial handshake and metadata. They cannot inspect the actual content of the HTTPS traffic.
  • Impact on Detection: The detection capabilities are limited because the blades cannot see the encrypted payload. Malicious files or activities hidden within HTTPS traffic may not be detected.
  • Performance: Since the traffic is not decrypted, there is less processing overhead, resulting in better performance.

Scenario 2: HTTPS Inspection Enabled, IPS, Anti-Bot, and Anti-Virus Enabled

  • Functionality: With HTTPS Inspection enabled, the Security Gateway can decrypt HTTPS traffic, allowing the IPS, Anti-Bot, and Anti-Virus blades to inspect the full content of the traffic. This enables comprehensive threat detection and prevention.
  • Impact on Detection: The detection capabilities are significantly enhanced as the blades can analyze the entire content of the traffic, including any malicious files or activities that were previously hidden.
  • Performance: Enabling HTTPS Inspection introduces additional load on the Security Gateway's CPU and RAM due to the decryption and re-encryption processes. However, Check Point's R82 release offers improved performance and simplified deployment for HTTPS Inspection, ensuring minimal impact on user experience.

For optimal security, it is recommended to enable HTTPS Inspection to fully leverage the capabilities of the IPS, Anti-Bot, and Anti-Virus blades. You can find more details on HTTPS Inspection best practices in the Check Point documentation.

If you have any further questions or need assistance with configuration, feel free to ask!

(1)
Who rated this post