Configure HTTPS Inspection
Follow the steps below to enable HTTPS Inspection
Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi..
|
|
Notes:
|
Creating an Outbound Certificate
To create an Outbound Certificate
| Step | Description |
|---|---|
| 1 | In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., go to Policy > HTTPs policy. |
| 2 |
Go to the Destination column, and edit the default rule |
|
3 |
Go to the Track column, and edit to Log. |
|
4 |
Go to Gateways and Servers. Open one of the VMSS instances you have. |
|
5 |
Open HTTPs Inspection and click Create Certificate. |
|
6 |
Enter the information and click OK. |
|
7 |
Click Enable HTTPs Inspection. |
|
8 |
Publish the SmartConsole session. |
|
9 |
Install policy. |
Creating an HTTPS Inspection Rule to Inspect SSL Traffic
This procedure creates an HTTPS Inspection rule to inspect SSL traffic that belongs to a web application
|
Step |
Description |
|---|---|
|
1 |
In SmartConsole, from the left navigation panel, click Manage & Settings. |
|
2 |
From the left tree, click Blades. |
|
3 |
In the HTTPS Inspection section, click Configure in SmartConsole. |
|
4 |
From the left tree, click Gateways. |
|
5 |
At the bottom of the page, click Create Certificate. |
|
6 |
Enter the information and click OK. |
|
7 |
From the left tree, click Server Certificates. |
|
8 |
Enter the information and click OK. |
|
9 |
From the left tree, click Policy. |
|
10 |
Add this rule:
|
|
11 |
Save the changes: Click Menu > File > Save. |
|
12 |
Close the SmartConsole. |
|
13 |
Publish the SmartConsole session |