[isapros] OT: Checkpoint HTTPS Termination

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 16:08:43 -0700

Pardon the OT, but I've got a customer using Checkpoint who has retained me
to audit/oversee the deployment of a new application in the DMZ.

Based on what I do all the time with ISA, the client and I both assumed that
the Checkpoint box could do HTTPS termination in order to perform
protocol-level HTTP filtering.  We also assumed that the Checkpoint box
could then forward HTTP to the DMZ for IDS/NetMon logging.

It seems, however, that the Checkpoint firewall admin cannot confirm
Checkpoint's capability to perform this function.  Given all the hubbub
about Checkpoint, it seems that it's odd that ISA can perform a function so
well that Checkpoint does not even support.

Can anyone out there confirm this?  This could be a great opportunity for me
to officially introduce ISA into the company (which I would love) but I want
to make sure I'm doing the best job for the client before I just spend the
money (or request that they spend the money) if this is something that
Checkpoint can do.

The goal is to terminate HTTPS at the Checkpoint box, perform app level
filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
single segmented DMZ network so that the IDS/NetMon boxes can log the
traffic via the switch/Nokia monitor ports.

Thanks.  Oh, any specific references would be great so that I can share them
with the client.

t


