Guys,
I did not come up with this design but I have to support this
so here we go. Keep in mind that the customer wants to keep
everything as is and wanted me to make this work.
Scenario:
OS: Nokia IPSO 3.7.1 build 024
Checkpoint: NG with AI R55w and HFA_04
Internal network: 10.1.1.0/24
FW internal IP: 10.1.1.1
External IP: 65.201.191.200
Proxy Server: 10.1.1.2/24
Internal network 10.1.1.0/24 is "hide" NAT when
going out to the Internet and everything is working fine.
All the Internal hosts have the firewall internal IP
(10.1.1.1) as the default gateway.
Problem:
The customer wants http/https traffic to go through
the proxy server. However, they do NOT want to re-configure
the browser (Internet Explorer or Firefox) to point to the
proxy server for proxy connection. What they want is to have
the firewall re-direct the http/https traffic to the
proxy server and let the proxy do the work.
Basically the traffic flow would look like this:
host 10.1.1.15 browses http://www.google.com
http traffic will hit the firewall.... Firewall will re-direct
this traffic to the proxy server (10.1.1.2). Proxy will
get the content from http://www.google.com and relay this
information back to host 10.1.1.15
Is this possible with Checkpoint firewall? Can someone show
me how?
Just a note, I can do this with a Linux firewall via iptables.
TIA
cisco4ng