1 of 1 people found this helpful
If I understand correctly, they are removing the manual proxy settings and bypassing the Bluecoat leaving only the Checkpoint the opportunity to create logs. The logs to see would be the clients talking directly to hosts on port 80 and 443. In most cases, a firewall rule would be added to prevent this from happening and force the users through the Bluecoat.
Thank you so much Andy for your response.I am new to Mcafee SIEM and not very familiar with the query part.What kind of a search can I do in ESM to find the details.
Sorry, missed your reply. Specifically you would use the Global Filter fields on the right side of any view and filter for internal IP subnets connecting to Destination Port 80 and 443 on any external host (e.g. not your proxy).