[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 17:05:49 -0700

Thanks Tom... Good info.  I very much appreciate it.  Given the introduction
of additional fees we may have a case for ISA.  We'll see.

Thanks again.
t


On 8/24/06 4:45 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Tim,
> 
> Reviewing my compete doc, you can have SSL termination and initiation if
> you introduce Connectra. CP is famous for gouging the poor sap customer
> in additional lic'ing fees for every basic application layer inspection.
> In order to get some Web proxy capabilities, you need to license their
> "Web Intelligence" product.
> 
> If you find out more info on this, I'm all ears.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>> (Hammer of God)
>> Sent: Thursday, August 24, 2006 6:09 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] OT: Checkpoint HTTPS Termination
>> 
>> 
>> Pardon the OT, but I've got a customer using Checkpoint who has retained me
>> to audit/oversee the deployment of a new application in the DMZ.
>> 
>> Based on what I do all the time with ISA, the client and I both assumed that
>> the Checkpoint box could do HTTPS termination in order to perform
>> protocol-level HTTP filtering.  We also assumed that the Checkpoint box
>> could then forward HTTP to the DMZ for IDS/NetMon logging.
>> 
>> It seems, however, that the Checkpoint firewall admin cannot confirm
>> Checkpoint's capability to perform this function.  Given all the hubbub
>> about Checkpoint, it seems that it's odd that ISA can perform a function so
>> well that Checkpoint does not even support.
>> 
>> Can anyone out there confirm this?  This could be a great opportunity for me
>> to officially introduce ISA into the company (which I would love) but I want
>> to make sure I'm doing the best job for the client before I just spend the
>> money (or request that they spend the money) if this is something that
>> Checkpoint can do.
>> 
>> The goal is to terminate HTTPS at the Checkpoint box, perform app level
>> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
>> single segmented DMZ network so that the IDS/NetMon boxes can log the
>> traffic via the switch/Nokia monitor ports.
>> 
>> Thanks.  Oh, any specific references would be great so that I can share them
>> with the client.
>> 
>> t