Firewall-1

Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server

Subject: Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server
From: Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 26 Jul 2006 22:22:28 +0200

hi,

this is possible with the predefined http_mapped service - in the advanced part of the service-definition you can enter the proxy-ip.

cheers
reinhard

At 22:05 26.07.2006, you wrote:
Guys,

  I did not come up with this design but I have to support this
so here we go.  Keep in mind that the customer wants to keep
everything as is and wanted me to make this work.

  Scenario:
  OS:               Nokia IPSO 3.7.1 build 024
  Checkpoint:       NG with AI R55w and HFA_04
  Internal network: 10.1.1.0/24
  FW internal IP:   10.1.1.1
  External IP:      65.201.191.200
  Proxy Server:     10.1.1.2/24

  Internal network 10.1.1.0/24 is "hide" NAT when
going out to the Internet and everything is working fine.
All the Internal hosts have the firewall internal IP
(10.1.1.1) as the default gateway.

  Problem:
The customer wants http/https traffic to go through
the proxy server.  However, they do NOT want to re-configure
the browser (Internet Explorer or Firefox) to point to the
proxy server for proxy connection.  What they want is to have
the firewall re-direct the http/https traffic to the
proxy server and let the proxy do the work.

  Basically the traffic flow would look like this:
  host 10.1.1.15 browses http://www.google.com
http traffic will hit the firewall.... Firewall will re-direct
this traffic to the proxy server (10.1.1.2).  Proxy will
get the content from http://www.google.com and relay this
information back to host 10.1.1.15

  Is this possible with Checkpoint firewall?  Can someone show
me how?

  Just a note, I can do this with linux firewall via iptables.
  TIA

  cisco4ng


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

--
Reinhard Stich          r.stich AT internet-security DOT at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333