Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server

Subject:	Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server
From:	cisco4ng <cisco4ng AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 26 Jul 2006 18:11:49 -0700

Hi Reinhard,
  Assuming that it is working for http_mapped (I will test it later), what 
about https 
  and ftp?  My proxy server is microsoft proxy server so it supports http/https 
and ftp.
   
  Any comments?  TIA
   
  cisco4ng

Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT> wrote:
  hi,

this is possible with the predefined http_mapped service - in the 
advanced part of the service-definition you can enter the proxy-ip.

cheers
reinhard

At 22:05 26.07.2006, you wrote:
>Guys,
>
> I did not come up with this design but I have to support this
>so here we go. Keep in mind that the customer wants to keep
>everything as is and wanted me to make this work.
>
> Scenario:
> OS: Nokia IPSO 3.7.1 build 024
>Checkpoint: NG with AI R55w and HFA_04
>Internal network: 10.1.1.0/24
>FW internal IP: 10.1.1.1
>External IP: 65.201.191.200
>Proxy Server: 10.1.1.2/24
> Internal network 10.1.1.0/24 is "hide" NAT when
>going out to the Internet and everything is working fine.
>All the Internal hosts have the firewall internal IP
>(10.1.1.1) as the default gateway.
>
> Problem:
>The customer wants to http/https traffics to go through
>the proxy server. However, they do NOT want to re-configure
>the browser (Internet Explorer or Firefox) to point to the
>proxy server for proxy connection. What they want is to have
>the firewall to re-direct the http/https traffics to the
>proxy server and let the proxy do the work.
> Basically the traffic flow would look like this:
> host 10.1.1.15 browes http://www.google.com
>http traffic will hit the firewall.... Firewall will re-direct
>this traffic to the proxy server (10.1.1.2). Proxy will
>get the content from http://www.google.com and relay this
>information back to host 10.1.1.15
>
> Is this possible with Checkpoint firewall? Can someone show
>me how?
>
> Just a note, I can do this with linux firewall via iptables.
> TIA
>
> cisco4ng
>
>
>---------------------------------
>See the all-new, redesigned Yahoo.com. Check it out.
>
>---------------------------------
>Yahoo! Music Unlimited - Access over 1 million songs.Try it free.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================

-- 
Reinhard Stich r.stich AT internet-security DOT at
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


                
---------------------------------
Do you Yahoo!?
 Next-gen email? Have it all with the  all-new Yahoo! Mail Beta.
                
---------------------------------
Do you Yahoo!?
 Next-gen email? Have it all with the  all-new Yahoo! Mail Beta.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Help needed with Checkpoint Firewall and Proxy Server, cisco4ng Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Reinhard Stich Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, cisco4ng <= Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Reinhard Stich Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Steffen Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, cisco4ng Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Martin Hoz Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, cisco4ng [FW-1] vulnerability confirmation, Jason Santana Re: [FW-1] vulnerability confirmation, no-need to-list

Previous by Date:	[FW-1] Cluster failover logs, fico gid
Next by Date:	Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Reinhard Stich
Previous by Thread:	Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Reinhard Stich
Next by Thread:	Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server, Reinhard Stich
Indexes:	[Date] [Thread] [Top] [All Lists]