Check Point Security Gateway - Futurex Documentation

This document provides information on configuring Vectera Plus HSMs with Check Point Security Gateway by using PKCS #11 libraries. For additional questions related to your HSM, see the relevant administrator’s guide.

Application description

Check Point Security Gateway uses an HSM for outbound HTTPS Inspection. The HSM holds the following objects for outbound HTTPS Inspection:

The Certificate Authority (CA) certificate (certificate buffer + key pair). The administrator creates the CA certificate and key pair before configuring the Security Gateway to work with an HSM.
Two to three RSA key pairsfor fake certificates. The system creates these keys when you initialize the HTTPS Inspection daemon on the Security Gateway with 1024-bit, 2048-bit, or 4096-bit length.

Guardian integration

The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:

Centralization of device management
Elimination of points of failure
Distribution of transaction loads
Group-specific function blocking
User-defined grouping systems

See the applicable guide in the Futurex Portal for configuring HSMs with the Guardian Series 3, including PKCS #11 and CNG configuration.

​Application description

​Guardian integration

Application description

Guardian integration