As Erik mentioned this is done with the other service http_mapped, you
just have to place a rule in your ruleset that says;
src -> dst http_mapped
(Forget any additional NAT rules)
Then alter the http_mapped match property to your proxy servers settings
SRV_REDIRECT(src port,dst address,dst port)
Remember to make sure your proxy is requesting URIs as seen in the host
header, as the destination will always be the proxy.
Regards,
James
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Erik
Gielow
Sent: Wednesday, 10 January 2007 12:54 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Checkpoint FW-1 and transparent proxy
Hi,
To configure a simple transparent proxy in CheckPoint , you just need to
use
the "http_mapped" object.
regards.
Erik Gielow.
On 1/9/07, Jose Ignacio Sanchez <sanchez AT osha.eu DOT int> wrote:
>
> Hi,
>
>
>
> I am trying to configure VPN-1 in such a way that all outgoing TCP
> connections from our LAN to Internet at destination port 80 are
redirected
> to our HTTP proxy placed on the DMZ (simple transparent proxy for HTTP
> connections).
>
>
>
> A simple NAT rule saying [ source: LAN, destination: any, service:
http
> -->
> source nated: Original, destination nated: proxy, service: original ]
> should
> make the job, but it doesn't.
>
>
>
> I get the following error: "<Any> is valid only if the matching
translated
> column is <Original>"
>
>
>
> I keep getting errors if I put a group of hosts (or a network) as
> destination address.
>
>
>
> I tried all sort of different things without succeed. Can this
"simple
> thing" be done with FW-1 (running version R60).
>
>
>
> Thanks. Regards,
>
>
>
> Natxo
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
