[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 18:43:36 -0500

Hi Tim,

From my extensive research on Check Point, it does not have this kind of
Web proxy capability. Maybe there's something hidden in the manuals,
but from everything I could make out from spending a week doing a
competitive analysis, CP's biggest weakness is lack of an effective Web
proxy. I can double check this, but it made enough impression on me to
stick.

I'll send you something you might find interesting offline.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Thursday, August 24, 2006 6:09 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] OT: Checkpoint HTTPS Termination
> 
> 
> Pardon the OT, but I've got a customer using Checkpoint who 
> has retained me
> to audit/oversee the deployment of a new application in the DMZ.
> 
> Based on what I do all the time with ISA, the client and I 
> both assumed that
> the Checkpoint box could do HTTPS termination in order to perform
> protocol-level HTTP filtering.  We also assumed that the 
> checkpoint box
> could then forward HTTP to the DMZ for IDS/NetMon logging.
> 
> It seems, however, that the Checkpoint firewall admin cannot confirm
> Checkpoint's capability to perform this function.  Given all 
> the hubbub
> about Checkpoint, it seems that it's odd that ISA can 
> perform a function so
> well that Checkpoint does not even support.
> 
> Can anyone out there confirm this?  This could be a great 
> opportunity for me
> to officially introduce ISA into the company (which I would 
> love) but I want
> to make sure I'm doing the best job for the client before I 
> just spend the
> money (or request that they spend the money) if this is something that
> Checkpoint can do.
> 
> The goal is to terminate HTTPS at the Checkpoint box, perform 
> app level
> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
> single segmented DMZ network so that the IDS/NetMon boxes can log the
> traffic via the switch/Nokia monitor ports.
> 
> Thanks.  Oh, any specific references would be great so that I 
> can share them
> with the client.
> 
> t
> 
> 
> 
> 
> 
