Course 32 - Checkpoint CCSA R80 | Episode 8: HTTPS Inspection, URL Filtering, and Identity Awareness

Published 2 weeks, 5 days ago
Description
In this lesson, you’ll learn about HTTPS inspection, advanced filtering, and identity-based security in Check Point R80.
1. HTTPS Inspection (Deep Traffic Visibility)
  • In Check Point R80, HTTPS traffic is encrypted → normally invisible to firewalls
🔹 The Problem
  • Malware or attacks can hide inside:
    • SSL/TLS encrypted traffic
🔹 The Solution: HTTPS Inspection
  • Gateway acts as a proxy:
    1. Intercepts HTTPS traffic
    2. Decrypts it in memory
    3. Inspects content
    4. Re-encrypts and forwards
🔹 Key Requirements
  • Enable inspection policy
  • Install and trust certificates on client devices
🔹 Verification
  • Use SmartConsole logs
  • Confirm sessions are being inspected
👉 This is critical for detecting:
  • Hidden malware
  • Encrypted attacks
2. Advanced Filtering Actions
🔹 Category-Based Filtering
  • Control access based on:
    • Website categories
    • Application types
🔹 Examples
  • Allow:
    • Search engines
  • Restrict:
    • Social media
    • Gambling
    • Malicious sites
3. Interactive Policy Actions
🔹 “Ask” Action
  • User sees a warning page
  • Must accept policy to continue
🔹 “Inform” Action
  • User is notified
  • Traffic still allowed
🔹 Why Use Them
  • Enforce company policy
  • Educate users
  • Avoid full blocking
👉 Balance between security and usability
4. Identity Awareness (User-Based Security)
🔹 The Problem
  • Traditional firewalls rely on:
    • IP addresses
❌ But IP ≠ real user
🔹 The Solution
  • Identity-based enforcement in Check Point R80
🔹 Identity Sources
  • Active Directory
  • Captive Portal
  • Endpoint agents
🔹 Access Role Objects
  • Combine:
    • Users
    • Groups
    • Machines
    • Networks
🔹 Example Rule
  • Allow:
    • User “Bob” → access internal app
  • Deny:
    • Others
👉 Much more precise than IP-based rules
5. Identity-Based Logging & Visibility
🔹 Benefits
  • Logs show:
    • Username (not just IP)
🔹 Use Cases
  • Faster troubleshooting
  • Better auditing
  • Stronger security investigations
Key Takeaways
  • HTTPS inspection enables deep visibility into encrypted traffic
  • Certificates are required to avoid browser warnings
  • “Ask” and “Inform” provide interactive enforcement
  • Identity Awareness ties traffic to real users
  • Access Roles enable highly granular security rules
Big Picture
With these advanced features in Check Point R80, you move beyond traditional firewalls:
  • From IP-based → identity-based security
  • From blind encryption → full traffic inspection
  • From rigid blocking → interactive user control


You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy