My question is similar to "https://community.checkpoint.com/t5/Security-Gateways/Gateway-as-HTTP-HTTPS-proxy/m-p/159888#M28128"
We want to setup an Internet facing Cluster to replace a non-transparent (HTTP/HTTPS) Proxy . We do NOT want to use the "non-transparent Proxy feature ( for many reasons, also mentioned in the other post) ! Should be a transparent forcing gateway/cluster.
Currently we do not have any possibility for a setup to test this requirement.
One of these rules there at the current proxy is that e.g. MS RDP or Citrix protocol (or another remote access protocol, also SSH) are recognized (if tunneling via HTTPS) and thus these types of connections were rejected.
We want to implement a rulebase to do the same at the CheckPoint R81.10 cluster.
What is required to do this?
It's obvious that HTTPS inspection needs to be turned on.
a) Do we have to enable "protocol signature" for HTTPS and/or HTTP as a prerequisite ?
b) Could one approach be to use applications like "Microsoft Remote Desktop Connection","Citrix" or "SSH" before any other HTTPS/HTTP allow rule to recognize and drop these applications ? Or is another step required: e.g. "drop non-Compliant HTTP" ?
Appreciate any suggestions or ideas!