Mirror and Decrypt Requirements

Item

Description

Designated network interface for Mirror and Decrypt:

Select a designated physical interface on your Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., or each cluster member Security Gateway that is part of a cluster..

Important:

On cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. members, you must select an interface with the same name (for example, eth3 on each cluster member).
Select an interface with the largest available throughput (for example, 10G, 40G), because this interface passes the combined traffic from all other interfaces.

Assign a dummy IP address to the designated interface.

Important - This IP address cannot collide with other IP addresses used in your environment. This IP address cannot belong to subnets used in your environment. Make sure to configure the correct subnet mask. After you enable traffic mirroring on this interface in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., all other traffic that is routed to this interface is dropped.

On cluster members, you must configure this designated physical interface in the $FWDIR/conf/discntd.if file.

Note - This prevents the interfaces that are not used from sending Cluster Control Protocol (CCP) packets that can overwhelm the Mirror and Decrypt recorders.

Maximum Transmission Unit (MTU) on the Mirror and Decrypt designated physical interface:

MTU value has to be 1500 (default), or at least the maximum MTU value from other interfaces on the Security Gateway.

HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. for decrypting the HTTPS traffic:

You must enable the HTTPS Inspection in SmartConsole in the object of the Security Gateway, Cluster, or VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Virtual System.
You must configure the HTTPS Inspection Rule Base All rules configured in a given Security Policy. Synonym: Rulebase..

Access Rules for traffic you wish to Mirror and Decrypt:

You must create special rules in the Access Control Policy for the traffic you wish to mirror and decrypt.