Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] Réf. : [FW-1] Using HTTP Proxies

from Bertrand KLOTZ [Permanent Link]
Subject: [FW-1] Réf. : [FW-1] Using HTTP Proxies
From: Bertrand KLOTZ <bklotz AT GFI DOT FR>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 31 Mar 2005 14:12:32 +0200 
Hello

You can
- define a new service HTTP_PROXY_REDIRECT type other, IP Protocol: 6,
advanced,  match: SRV_REDIRECT(80,proxy_IP,proxy_port)
- create a rule: clients to any service HTTP_PROXY_REDIRECT accept

Bertrand





Bernardo Santos Wernesback <bernardo AT ISH.COM DOT 
BR>@AMADEUS.US.CHECKPOINT.COM>
le 30-03-2005 15:36:26

Veuillez répondre à Mailing list for discussion of Firewall-1
       <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>

Envoyé par :      Mailing list for discussion of Firewall-1
       <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>


Pour : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc :

Objet :     [FW-1] Using HTTP Proxies


Good day to all.

I was looking into Firewall-1 as I am in need of configuring it to use
an external HTTP Proxy. Here is my topology:

1) FW1 NG with several HTTP rules
2) Clients are NOT configured to use FW1 as proxy (as matter of fact
they are not configured to use anyone as proxy)

I need to "redirect" all traffic, sent out via HTTP, through FW1 to a
proxy server. I've seen that this is possible using the option HTTP Next
Proxy. However, the following questions came to mind:

1) Is it possible to put this Proxy server in my DMZ? (traffic will have
to go back through FW1 without creating a loop)
2) Is there any other way (other than HTTP Next Proxy) that might allow
me to configure the proxy server in the individual rules without using
CVP or UFP? I need to mantain a few other rules letting HTTP out without
passing through the proxy.

Thank you very much for any help.

Bernardo.



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [FW-1] Réf. : [FW-1] Using HTTP Proxies, Bertrand KLOTZ <=
Previous by Date:  [FW-1] Cluster XL Multicast Mode, Paulo Vieira
Next by Date:  Re: [FW-1] Problems With Static NAT and ARP, Ben Wilson
Previous by Thread:  [FW-1] In reply to HTTPS problem, Kruger P (CJD Almelo)
Next by Thread:  [FW-1] Securemote + DialUp Connection, Michel Lapointe
Indexes:  [Date] [Thread] [Top] [All Lists]