topic Egress Internet Traffic from Single Gateway host in Azure blocked via AWS WAF -HostingProviderIPList in Cloud Firewall https://community.checkpoint.com/t5/Cloud-Firewall/Egress-Internet-Traffic-from-Single-Gateway-host-in-Azure/m-p/250656#M5367 <P>Hi There,<BR />We are an MSP that has a number of clients configured with Azure Hosted Citrix deployments.&nbsp; Egress/Ingress internet traffic is filtered by R82.0 Azure hosted Security Gateway and managed by Smart-1 Cloud Saas Platform.&nbsp;&nbsp;<BR /><BR />We are finding random egress traffic is blocked by AWS hosted sites WAF, and i believe this is due to provider utilizing the HostingProviderIPList reputation rules.&nbsp; Additionally we found services like Youtube are now forcing users to sign in when connections are detected from Azure.&nbsp;&nbsp;<BR /><BR />We understand we can utilize Azure BYOD PIP service, but from the R&amp;D i have completed it seems the clients need to use /24 PIP as a minimum.&nbsp; Most of the clients aren't large enough to consider this.&nbsp;&nbsp;<BR /><BR />While the issue has nothing to do with Checkpoint NVA, i was hopefully of finding any real-life experience on how others have handled this situation without having to change the entire client egress internet flow.&nbsp; On the surface, configuring the NVA to forward egress traffic to a forward proxy sounds like a viable option, but have been unable to find too much technical info around if such an option exists.&nbsp;&nbsp;<BR /><BR />thanks in advance<BR /><BR /><BR /></P> Thu, 05 Jun 2025 00:31:46 GMT jfelix 2025-06-05T00:31:46Z Egress Internet Traffic from Single Gateway host in Azure blocked via AWS WAF -HostingProviderIPList https://community.checkpoint.com/t5/Cloud-Firewall/Egress-Internet-Traffic-from-Single-Gateway-host-in-Azure/m-p/250656#M5367 <P>Hi There,<BR />We are an MSP that has a number of clients configured with Azure Hosted Citrix deployments.&nbsp; Egress/Ingress internet traffic is filtered by R82.0 Azure hosted Security Gateway and managed by Smart-1 Cloud Saas Platform.&nbsp;&nbsp;<BR /><BR />We are finding random egress traffic is blocked by AWS hosted sites WAF, and i believe this is due to provider utilizing the HostingProviderIPList reputation rules.&nbsp; Additionally we found services like Youtube are now forcing users to sign in when connections are detected from Azure.&nbsp;&nbsp;<BR /><BR />We understand we can utilize Azure BYOD PIP service, but from the R&amp;D i have completed it seems the clients need to use /24 PIP as a minimum.&nbsp; Most of the clients aren't large enough to consider this.&nbsp;&nbsp;<BR /><BR />While the issue has nothing to do with Checkpoint NVA, i was hopefully of finding any real-life experience on how others have handled this situation without having to change the entire client egress internet flow.&nbsp; On the surface, configuring the NVA to forward egress traffic to a forward proxy sounds like a viable option, but have been unable to find too much technical info around if such an option exists.&nbsp;&nbsp;<BR /><BR />thanks in advance<BR /><BR /><BR /></P> Thu, 05 Jun 2025 00:31:46 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Egress-Internet-Traffic-from-Single-Gateway-host-in-Azure/m-p/250656#M5367 jfelix 2025-06-05T00:31:46Z