I am thinking of using the Symantec SSL Visibility Appliance with a Check Point cluster running in router mode, ClusterXL with multiple features: IPS, Application Control, URL Filtering, etc.
To do that, I need to create a couple of extra ports in bridge mode so the Check Point gateways will collect the decrypted traffic for the IPS, Application Control, and URL Filtering, while the FW, router and NAT capabilities stay on the existing L3 ports.
I think this is a reasonable design to get consistent SSL decryption performance. Does anybody have experience with bridge ports and the SSL Visibility Appliance + Check Point gateway?
I am concerned about packets passing twice through the Check Point gateway. How does the Check Point gateway handle it? I guess that SecureXL will accelerate the decrypted traffic, right?