Mirror and Decrypt Requirements

Designated network interface for Mirror and Decrypt:

1. Select a designated physical interface on your Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / each Cluster Member Security Gateway that is part of a cluster. / Scalable Platform Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..

   Important: On cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. members, you must select an interface with the same name (for example, eth3 on each cluster member). Select an interface with the largest available throughput (for example, 10G, 40G), because this interface passes the combined traffic from all other interfaces.

2. Assign a dummy IP address to the designated interface.

   Important - This IP address cannot collide with other IP addresses used in your environment. This IP address cannot belong to subnets used in your environment. Make sure to configure the correct subnet mask. After you enable traffic mirroring on this interface in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., all other traffic that is routed to this interface is dropped.

3. On cluster members, you must configure this designated physical interface in the $FWDIR/conf/discntd.if file.

   Note - This prevents the interfaces that are not used from sending Cluster Control Protocol (CCP) packets that can overwhelm the Mirror and Decrypt recorders.

HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. for decrypting the HTTPS traffic:

• You must enable the HTTPS Inspection in SmartConsole in the object of the Security Gateway / Cluster / Security Group / VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Virtual System.

• You must configure the HTTPS Inspection Rule Base All rules configured in a given Security Policy. Synonym: Rulebase..