Re: [FW-1] Checkpoint FW-1 and transparent proxy

Subject:	Re: [FW-1] Checkpoint FW-1 and transparent proxy
From:	José Ignacio Sánchez <sanchez AT OSHA.EU DOT INT>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 9 Jan 2007 17:59:13 +0100

Many thanks. It is working just great. 

I feel a bit stupid right now :) but I was unable to find any answer in
google.

Thank you! Regards

  Natxo


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of James 
Lane
Sent: martes, 09 de enero de 2007 15:39
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Checkpoint FW-1 and transparent proxy

As Erik mentioned this is done with the other service http_mapped, you
just have to place a rule in your ruleset that says; 

src -> dst http_mapped 
(Forget any additional NAT rules) 

Then alter the http_mapped match property to your proxy servers settings

SRV_REDIRECT(src port,dst address,dst port)

Remember to make sure your proxy is requesting URIs as seen in the host
header, as the destination will always be the proxy.

Regards,

James

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Erik
Gielow
Sent: Wednesday, 10 January 2007 12:54 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Checkpoint FW-1 and transparent proxy

Hi,
To configure a simple transparent proxy in CheckPoint , you just need to
use
the  "http_mapped" object.

regards.

Erik Gielow.




On 1/9/07, Jose Ignacio Sanchez <sanchez AT osha.eu DOT int> wrote:
>
> Hi,
>
>
>
> I am trying to configure VPN-1 in such a way that all outgoing TCP
> connections from our LAN to Internet at destination port 80 are
redirected
> to our HTTP proxy placed on the DMZ (simple transparent proxy for HTTP
> connections).
>
>
>
> A simple NAT rule saying [ source: LAN, destination: any, service:
http
> -->
> source nated: Original, destination nated: proxy, service: original ]
> should
> make the job, but it doesn't.
>
>
>
> I get the following error: "<Any> is valid only if the matching
translated
> column is <Original>"
>
>
>
> I keep getting errors if I put a group of hosts (or a network) as
> destination address.
>
>
>
> I tried all sort of different things without succeed.  Can this
"simple
> thing" be done with FW-1 (running version R60).
>
>
>
> Thanks. Regards,
>
>
>
>   Natxo
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Checkpoint FW-1 and transparent proxy, Jose Ignacio Sanchez Re: [FW-1] Checkpoint FW-1 and transparent proxy, Erik Gielow Re: [FW-1] Checkpoint FW-1 and transparent proxy, James Lane Re: [FW-1] Checkpoint FW-1 and transparent proxy, José Ignacio Sánchez <=

Previous by Date:	[FW-1] SmartDefense CIFS worm?, Andrew Crawford
Next by Date:	[FW-1] Sequence Verifier, Anupam Gaur
Previous by Thread:	Re: [FW-1] Checkpoint FW-1 and transparent proxy, James Lane
Next by Thread:	[FW-1] Radius Authentification -> Cache?, Bernd Nachtigall
Indexes:	[Date] [Thread] [Top] [All Lists]