Firewall-1

Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server

Subject: Re: [FW-1] Help needed with Checkpoint Firewall and Proxy Server
From: Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 27 Jul 2006 07:02:20 +0200
hi,

just have a look at the http_mapped service and you will know what to do ;-)

cheers
reinhard

At 03:11 27.07.2006, you wrote:
Hi Reinhard,
Assuming that it is working for http_mapped (I will test it later), what about https and ftp? My proxy server is Microsoft Proxy Server so it supports http/https and ftp.

  Any comments?  TIA

  cisco4ng

Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT> wrote:
  hi,

this is possible with the predefined http_mapped service - in the
advanced part of the service-definition you can enter the proxy-ip.

cheers
reinhard

At 22:05 26.07.2006, you wrote:
>Guys,
>
> I did not come up with this design but I have to support this
>so here we go. Keep in mind that the customer wants to keep
>everything as is and wanted me to make this work.
>
> Scenario:
> OS: Nokia IPSO 3.7.1 build 024
>Checkpoint: NG with AI R55w and HFA_04
>Internal network: 10.1.1.0/24
>FW internal IP: 10.1.1.1
>External IP: 65.201.191.200
>Proxy Server: 10.1.1.2/24
> Internal network 10.1.1.0/24 is "hide" NAT when
>going out to the Internet and everything is working fine.
>All the Internal hosts have the firewall internal IP
>(10.1.1.1) as the default gateway.
>
> Problem:
>The customer wants http/https traffic to go through
>the proxy server. However, they do NOT want to re-configure
>the browser (Internet Explorer or Firefox) to point to the
>proxy server for proxy connection. What they want is to have
>the firewall re-direct the http/https traffic to the
>proxy server and let the proxy do the work.
> Basically the traffic flow would look like this:
> host 10.1.1.15 browses http://www.google.com
>http traffic will hit the firewall.... Firewall will re-direct
>this traffic to the proxy server (10.1.1.2). Proxy will
>get the content from http://www.google.com and relay this
>information back to host 10.1.1.15
>
> Is this possible with Checkpoint firewall? Can someone show
>me how?
>
> Just a note, I can do this with linux firewall via iptables.
> TIA
>
> cisco4ng
>
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================

--
Reinhard Stich r.stich AT internet-security DOT at
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333

--
Reinhard Stich          r.stich AT internet-security DOT at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
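
Added example, not part of the thread or of anyone's posted configuration: the original poster notes that the same redirect can be done with iptables on a Linux firewall, and the rules below write that out for the addresses given in the post. The proxy listening port (8080), the internal interface name (eth1), and a proxy that accepts redirected, non-proxy-form requests are assumptions.

```shell
#!/bin/sh
# Added example: iptables NAT rules for the topology in the post.
# Addresses come from the post; PROXY_PORT and LAN_IF are assumptions.
LAN_NET="10.1.1.0/24"
FW_IP="10.1.1.1"
PROXY_IP="10.1.1.2"
PROXY_PORT="8080"   # assumed proxy listening port
LAN_IF="eth1"       # assumed name of the firewall's internal interface

# Print the nat-table rules (iptables-restore syntax) that send one
# client-side TCP port to the proxy.
nat_rules() {
    port="$1"
    # Refuse anything but digits so the argument cannot smuggle extra
    # options into the generated ruleset.
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
# Rewrite client connections to the proxy. The proxy's own outbound
# requests are excluded, otherwise they would be looped back to it.
-A PREROUTING -i $LAN_IF ! -s $PROXY_IP -p tcp --dport $port -j DNAT --to-destination $PROXY_IP:$PROXY_PORT
# Clients and proxy share one subnet, so without this the proxy answers
# the client directly from 10.1.1.2 and the client rejects the reply.
# Source NAT to the firewall keeps both directions on the same path.
-A POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $FW_IP
COMMIT
EOF
}

# Print the port-80 rules for review.
nat_rules 80
```

Because of the source NAT, the proxy's access log shows 10.1.1.1 for every client, so per-host attribution has to come from the firewall's logs. The example stops at port 80: an unconfigured browser opens port 443 with a TLS handshake rather than a proxy CONNECT request, so redirecting it to an HTTP proxy port does not work the same way.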