Check Point NGFW
Updated Aug. 2 2021
4 / 5 (1 review)

Cybercriminals can use encryption to hide malicious activity from an organization’s security controls, including NGFWs, intrusion prevention systems (IPS) and other controls, in order to evade detection and hide attacks. Together, Check Point and Venafi help to solve that problem by fully automating the delivery and configuration of critical machine identities in use by organizations protected with Check Point NGFWs.
Business Outcomes
  • Get started fast with inventories of existing keys and certificates

  • Maximize inspection with full discovery of keys and certificates

  • Maintain inspection levels with fully automated lifecycle and key distribution

Integration Features
  • Automated discovery and setup of existing keys and certificates

  • Increased performance of inspection with automated distribution of keys and certificates

  • Automated distribution of replacement keys when new keys are generated

Solution Overview

Together, Check Point and Venafi enable your organization to detect threats hiding in encrypted traffic. The Venafi Platform allows enterprises to protect and secure large numbers of highly complex machine identities. It provides the visibility needed to discover and automate the full lifecycle of SSL/TLS keys and certificates so that Check Point Next Generation Firewalls (NGFWs) always have current machine identities to inspect traffic for threats. 

Check Point NGFWs and the Venafi Platform work together to protect privacy, secure network transactions and defend intellectual property. The integrated solution helps you identify which encrypted channels should be trusted, and which are being used as part of an attack. With Venafi in place, Check Point NGFWs have secure and unhindered access to machine identities, allowing them to detect and prevent attacks that hide in encrypted channels.


Venafi automates SSL/TLS machine identities used in Check Point inbound HTTPS inspection policies. Certificates are defined as Venafi-synced objects within Check Point and automatically kept in sync with the Venafi Platform. 

  1. Bulk-provisioning jobs in Venafi allow new machine identities that match a specified policy to be provided to Check Point gateways automatically, on a schedule or on demand.
  2. Expiring certificates are automatically renewed at the CA, provisioned by Venafi to Check Point NGFWs and applied in the Check Point NGFW HTTPS inspection policy.
  3. Inspection policies are always up to date with the most recent version of machine identities, ensuring there are no gaps in SSL/TLS visibility and encrypted threats are never missed.
Most recent reviews
The wait was worth it!
4 / 5
Great to see Check Point add support for Venafi. Would be great to have more technical docs or config video.