CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Enabling HTTPS inspection

  1. #1
    Enabling HTTPS inspection

    Hi Team,

    We enabled the Application Control & URL Filtering blade without HTTPS inspection in our environment over 3 months ago. Now we are going to enable the HTTPS inspection feature. Can someone tell me what the difference is between running the blade with and without HTTPS inspection? How exactly does HTTPS inspection work with outgoing traffic, and what are the advantages of enabling it?

  2. #2
    Re: Enabling HTTPS inspection

    Without HTTPS Inspection you may find that some apps on HTTPS are not identified properly. The Office 365 SK articles on Check Point specifically state that Office 365 apps need HTTPS Inspection to work correctly. Another example is Skype/Skype for Business: without HTTPS Inspection you cannot immediately distinguish between Skype and Skype for Business, and you end up having to allow Skype as opposed to just Skype for Business. Once the user has logged in you could identify the traffic later as Skype for Business, but without allowing Skype initially they couldn't log in.

    In general, once you start to use any of the Service Blades on Check Point you really need to start using HTTPS Inspection, as otherwise HTTPS traffic is not inspected properly; for blades such as AV/Abot/TE it is simply passed through without any inspection at all. I had a customer complaining that their desktop AV was picking up a cryptocurrency infection attempt. When I went through the logs I could see that the infection attempt was coming through the Check Point, as it was from an HTTPS resource, and without HTTPS Inspection the Check Point couldn't detect the malicious content.

    In terms of how it works (very simple explanation): you roll out the HTTPS Inspection CA cert to your client machines so that they trust certs issued by the CA.

    Then, when a client makes a connection, the Check Point intercepts the connection and either blocks it or, if it is accepted, issues a certificate from itself pretending to be the website.
    The Check Point Gateway then makes a connection to the website from itself. The website responds, and the Check Point takes the response and forwards it to the client. If additional blades are enabled, the Check Point will perform other blade inspection as well.

  3. #3
    Re: Enabling HTTPS inspection

    Hi Mcnallym,

    Thanks for the response!
    If you don't mind, can you please explain in detail what happens once you install the certificate in the client's trusted store?

  4. #4
    Re: Enabling HTTPS inspection

    Quote: Originally posted by iamramu92
    Hi Mcnallym,

    Thanks for the response!
    If you don't mind, can you please explain in detail what happens once you install the certificate in the client's trusted store?

    Installing the CA cert into the client's trusted store simply tells the machine that the CA is a trusted CA. This means that when the client makes a connection to a real website and gets a cert for that website issued by the Check Point CA, the client doesn't show a browser warning.

    To make the PC trust the gateway CA certificate:

    A. Export the CA certificate from the SmartDashboard (on the HTTPS Inspection window of the Security Gateway, or on the HTTPS Inspection > Gateways pane).

    B. Install the certificate on the user's PC:

      • Manually put the certificate file in the user's PC. Click the file and follow the wizard instructions to add the certificate to the trusted root certificates repository on client machines.
      • Use GPO or group policy to distribute the certificate to a large group of users. See the documentation for more details.

    Failure to do so

    6. Why do I get certificate warnings in the browser after turning on HTTPS Inspection?

    A dedicated CA signs certificates, and the Security Gateway presents these certificates to the client.
    Before the user installs that CA certificate, any site accessed by the browser will produce warnings.
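
The trust relationship described in replies #2 and #4, reproduced offline with the OpenSSL CLI as an added example (not part of the original thread and not Check Point tooling). The CA names, the hostname `www.example.test` and all key material are constructed stand-ins; the script checks a gateway-style certificate against a client trust store before and after the inspection CA is rolled out, and shows how to tell from the issuer whether a certificate was re-signed by that CA.

```shell
#!/usr/bin/env bash
# Added example: every CA, key and hostname below is constructed for the lab.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {  # $1 = output prefix, $2 = common name; self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/O=Example Lab/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Stand-in for the certificate the gateway issues on the fly for a site.
# (A production certificate also carries a subjectAltName; omitted here
# because only the chain of trust is being checked, not the hostname.)
issue_site_cert() {  # $1 = hostname
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/site.csr" -days 2 -CA "$WORK/insp.pem" \
    -CAkey "$WORK/insp.key" -CAcreateserial -out "$WORK/site.pem" 2>/dev/null
}

# Mimics the browser's chain check against a given trust bundle.
client_trusts() {  # $1 = trust bundle (PEM), $2 = certificate to validate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when the certificate's issuer is the inspection CA, i.e. the
# connection was re-signed by the gateway rather than bypassed.
issued_by_inspection_ca() {  # $1 = certificate
  [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
    "$(openssl x509 -in "$WORK/insp.pem" -noout -subject_hash)" ]
}

make_ca "$WORK/other" "Example Public Root"     # a root the client already trusts
make_ca "$WORK/insp"  "Example Inspection CA"   # stand-in for the gateway CA
issue_site_cert www.example.test

cp "$WORK/other.pem" "$WORK/before.pem"                      # store before rollout
cat "$WORK/other.pem" "$WORK/insp.pem" > "$WORK/after.pem"   # store after rollout

for store in before after; do
  if client_trusts "$WORK/$store.pem" "$WORK/site.pem"; then
    echo "$store rollout: chain trusted, no browser warning"
  else
    echo "$store rollout: chain untrusted, browser warning"
  fi
done
```
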
