Hello guys!
I am new here. I am searching for any article or explanation to know how to configure Snort rules to analyse HTTPS traffic. I created a rule and it is working over a HTTP simple connection but when the connection is using SSL it is not working anymore. I am already imported the certificate and its chain to Check Point. I get "Inspect" event at SmartDashboard log but the connection is not dropped. Anyone here knows anything about it?
Thanks for advice!
Results 1 to 2 of 2
-
2018-01-17 #1
Junior Member
- Join Date
- 2018-01-16
- Location
- Brazil
- Posts
- 1
- Rep Power
- 0
Snort Rules Does not work over HTTPS
-
2018-01-19 #2
Senior Member
- Join Date
- 2005-08-14
- Location
- Gig Harbor, WA, USA
- Posts
- 2,500
- Rep Power
- 20
Re: Snort Rules Does not work over HTTPS
If you've configured HTTPS Inspection properly, it should just work like regular IPS.
What version/jumbo hotfix are you at?
Have you engaged the Check Point TAC with this?http://phoneboy.org
Unless otherwise noted, views expressed are my own
Reply With QuoteSimilar Threads
-
URL filtering, HTTPS Inspection, HTTP/HTTPS Proxy
By bhavinjbhatt in forum R75.40 (GAiA)Replies: 0Last Post: 2015-07-07, 13:33 -
https://IP_my_firewall:4434 it's not work always
By bollano in forum Check Point SecurePlatform (SPLAT)Replies: 1Last Post: 2013-04-02, 15:23 -
Some NAT rules work, some don't
By codflanglers in forum NAT (Network Address Translation)Replies: 2Last Post: 2010-04-15, 14:22 -
How to make rules work immediately?
By o0000o in forum Check Point UTM-1 AppliancesReplies: 4Last Post: 2009-07-30, 08:49 -
Running Snort on IPSO sending alerts to Eventia?
By phlegm in forum Eventia Analyzer/Reporter/SmartView ReporterReplies: 0Last Post: 2006-10-19, 09:44
Bookmarks