CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Snort Rules Does not work over HTTPS

  1. #1
    Join Date
    2018-01-16
    Location
    Brazil
    Posts
    1
    Rep Power
    0

    Snort Rules Does not work over HTTPS

    Hello guys!

    I am new here. I am searching for any article or explanation on how to configure Snort rules to analyse HTTPS traffic. I created a rule and it is working over a simple HTTP connection, but when the connection is using SSL it is not working anymore. I have already imported the certificate and its chain to Check Point. I get an "Inspect" event in the SmartDashboard log but the connection is not dropped. Does anyone here know anything about it?

    Thanks for advice!

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,500
    Rep Power
    20

    Re: Snort Rules Does not work over HTTPS

    If you've configured HTTPS Inspection properly, it should just work like regular IPS.
    What version/jumbo hotfix are you at?
    Have you engaged the Check Point TAC with this?
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own
