We have a proxy server which is processing all HTTPS and HTTP traffic. Is there any best practice for enabling HTTPS inspection on an edge Check Point gateway?
You would treat the proxy server just as a client, which means configuring it to trust the CA certificate Check Point uses for HTTPS Inspection.
There is a potential pitfall there. From the perspective of the firewall it's 1 client doing a lot of HTTP and HTTPS sessions. That might get you into trouble where you overload 1 worker and get poor responses.
I strongly suggest you enable Dynamic Dispatching as detailed in sk105261: CoreXL Dynamic Dispatcher in R77.30 / R80.10 and above, as it will ruin your day if you start doing HTTPS inspection without it and your gateway gets hit by all that proxy traffic.
Also, if you do HTTPS inspection on the proxy... you might not want to do it again on the gateway. It will ruin your response times, as you may notice as people find that webpages load slower.
As with anything in life: just give it some thought before you start implementing it. There is definitely more to it than meets the eye.
The main reason for activating HTTPS inspection on the firewall is the SandBlast Appliance. Without HTTPS inspection, threat emulation is in vain, right?
You're going to miss a bunch of potential threats without HTTPS Inspection, yes.