Inspecting HTTPS Packets

An HTTPS request (from an internal client to an external server) arrives at the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

The Security Gateway inspects the HTTPS request.

The Security Gateway determines whether the HTTPS request matches an existing HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.:

• If the HTTPS request does not match a rule, then the Security Gateway does not inspect the HTTPS payload.

• If the HTTPS request matches a rule, then the Security Gateway continues to the next step.

The Security Gateway validates the HTTPS certificate from the external server.

The Security Gateway uses the Online Certificate Status Protocol (OCSP) standard.

The Security Gateway creates a new certificate for the connection to the external server.

The Security Gateway decrypts the HTTPS connection.

The Security Gateway inspects the decrypted HTTPS connection.

If the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. allows this traffic, the Security Gateway encrypts the HTTPS connection.

The Security Gateway sends the HTTPS request to the external server.