[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Fri, 25 Aug 2006 10:18:24 +1000

I would almost guarantee that you need to pay CP more to do it.  Im sure you 
can - but they charge like wounded bulls for extra functionality :)

Greg

----- Original Message ----- 
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
To: <isapros@xxxxxxxxxxxxx>
Sent: Friday, August 25, 2006 9:08 AM
Subject: [isapros] OT: Checkpoint HTTPS Termination


> 
> Pardon the OT, but I've got a customer using Checkpoint who has retained me
> to audit/oversee the deployment of a new application in the DMZ.
> 
> Based on what I do all the time with ISA, the client and I both assumed that
> the Checkpoint box could do HTTPS termination in order to perform
> protocol-level HTTP filtering.  We also assumed that the checkpoint box
> could then forward HTTP to the DMZ for IDS/NetMon logging.
> 
> It seems, however, that the Checkpoint firewall admin cannot confim
> Checkpoint's capability to perform this function.  Given all the hubbub
> about Checkpoint, its seems that it's odd that ISA can perform a function so
> well that Checkpoint does not even support.
> 
> Can anyone out there confirm this?  This could be a great opportunity for me
> to officially introduce ISA into the company (which I would love) but I want
> to make sure I'm doing the best job for the client before I just spend the
> money (or request that they spend the money) if this is something that
> Checkpoint can do.
> 
> The goal is to terminate HTTPS at the Checkpoint box, perform app level
> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
> single segmented DMZ network so that the IDS/NetMon boxes can log the
> traffic via the switch/Nokia monitor ports.
> 
> Thanks.  Oh, any specific references would be great so that I can share them
> with the client.
> 
> t
> 
> 
> 
>

Other related posts: