[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 18:45:49 -0500

Tim,

Reviewing my compete doc, you can have SSL termination and initiation if
you introduce Connectra. CP is famous for gouging the poor sap customer
in additional lic'ing fees for every basic application layer inspection.
In order to get some Web proxy capabilities, you need to license their
"Web Intelligence" product.

If you find out more info on this, I'm all ears.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Thursday, August 24, 2006 6:09 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] OT: Checkpoint HTTPS Termination
> 
> 
> Pardon the OT, but I've got a customer using Checkpoint who has retained me
> to audit/oversee the deployment of a new application in the DMZ.
> 
> Based on what I do all the time with ISA, the client and I both assumed that
> the Checkpoint box could do HTTPS termination in order to perform
> protocol-level HTTP filtering.  We also assumed that the checkpoint box
> could then forward HTTP to the DMZ for IDS/NetMon logging.
> 
> It seems, however, that the Checkpoint firewall admin cannot confirm
> Checkpoint's capability to perform this function.  Given all the hubbub
> about Checkpoint, it seems that it's odd that ISA can perform a function so
> well that Checkpoint does not even support.
> 
> Can anyone out there confirm this?  This could be a great opportunity for me
> to officially introduce ISA into the company (which I would love) but I want
> to make sure I'm doing the best job for the client before I just spend the
> money (or request that they spend the money) if this is something that
> Checkpoint can do.
> 
> The goal is to terminate HTTPS at the Checkpoint box, perform app level
> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
> single segmented DMZ network so that the IDS/NetMon boxes can log the
> traffic via the switch/Nokia monitor ports.
> 
> Thanks.  Oh, any specific references would be great so that I can share them
> with the client.
> 
> t