If you just have too many workstations, or adding the proxy configuration is
just too complicated, why don't you just put the ISA Server between the LAN
and the CP firewall?
You can move the current internal IP of the CP to the ISA, put new IPs on
the external ISA interface and internal CP interface and that way you
achieve several things:
- Default gateway of the LAN won't change
- All traffic goes out though the ISA server
- ISA has a few extra nice features for authentication you can take
advantage of
Off course this requires more work and configuration changes than just
finding a way for CP to redirect traffic to the ISA server for it to work as
plain proxy, but sounds like it would be a more stable and manageable way to
go.
.... just an opinion...
On 12/30/06, Hugo van der Kooij <hvdkooij AT vanderkooij DOT org> wrote:
On Fri, 29 Dec 2006, Gary Scott wrote:
> I think you can use the http mapped service of this,
This will send client-server request to a proxy. Will the proxy at hand
even honor those request? It is something to be aware of.
Other obstacles one may encouter this way:
- transparant authentication may not work or it will leak to other
websites causing issues with traffic to those sites.
- http 1.1 support may be limited causing extra overhead in session
maintenance on both firewall and proxy.
Hugo.
--
hvdkooij AT vanderkooij DOT org http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
