This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mischa_Meekes
Explorer
‎2021-10-01 05:23 AM

Blueprint design for inbound webtraffic in onpremise datacenter

We are looking for a design concept or best practice setups for onpremise datacenter environment where 90% of traffic is inbound https.

We are already using R80.40 clusters and Citrix netscalers (for loadbalancing and ssl offloading) but we also want to use the Appsec.

Upgrade to R81 is planned.

Does Checkpoint has some kind of document or blueprint in order to create the best setup for doing security on this incoming https traffic.

One question for example is which component can or should do IPS. The gateway or the appsec.. or both ?

Please let me know which thoughts about those kind of setups are the in community 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-10-01 11:23 AM

My guess is that it would probably be similar to that in public cloud except you're using on-prem load balancers.
AppSec can also do IPS:

image.png

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-10-03 01:04 AM

Hi,

if you want to use AppSec then it also has IPS capabilities specifically for WEB traffic. So it you activate it on AppSec you don't need to do double inspection and activate it on the Gateways also.

you might just activate it for other protocols passing through your Gateways using the Threat Prevention policy.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events