https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11112#M58652 <HTML><HEAD></HEAD><BODY><P>Is the firewall an explicit proxy in this case?</P><P>Because if so, we may not be able to redirect the traffic to a UserCheck page.</P><P>See:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110013" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110013">How to configure Check Point Security Gateway as HTTP/HTTPS Proxy</A>&nbsp;</P><P></P><P>Otherwise, a diagram of how the proxies are configured (related to users and Internet) would be helpful.</P></BODY></HTML> Fri, 20 Jul 2018 19:16:35 GMT PhoneBoy 2018-07-20T19:16:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11111#M58651 <HTML><HEAD></HEAD><BODY><P>We&nbsp;have a R80.10 cluster which has Firewall, IPS, Anti-Virus and Anti-Bot Blades in place and it is being used as a parent proxy. When the IPS/AV detect a virus signature (in this case the test Eicar virus) it drops the connection to the child proxy, however if the Anti-bot detects an issue which is classed as reputation it is redirected to the UserCheck error pages. How do we set up the firewall to redirect all the "proxying" requests to UserCheck when there is a Threat Prevention issue ?</P></BODY></HTML> Fri, 20 Jul 2018 10:39:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11111#M58651 Neil_Plastow 2018-07-20T10:39:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11112#M58652 <HTML><HEAD></HEAD><BODY><P>Is the firewall an explicit proxy in this case?</P><P>Because if so, we may not be able to redirect the traffic to a UserCheck page.</P><P>See:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110013" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110013">How to configure Check Point Security Gateway as HTTP/HTTPS Proxy</A>&nbsp;</P><P></P><P>Otherwise, a diagram of how the proxies are configured (related to users and Internet) would be helpful.</P></BODY></HTML> Fri, 20 Jul 2018 19:16:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11112#M58652 PhoneBoy 2018-07-20T19:16:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11113#M58653 <HTML><HEAD></HEAD><BODY><P>Yes it is being used as&nbsp;an explicit proxy.</P><P>The browsers are setup to use a proxy on the internal network which is configured to use the firewall as a parent proxy.</P></BODY></HTML> Mon, 23 Jul 2018 09:29:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11113#M58653 Neil_Plastow 2018-07-23T09:29:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11114#M58654 <HTML><HEAD></HEAD><BODY><SPAN>How are the clients configured to use your other proxy? By IP/host or through a proxy.pac somewhere?</SPAN><P class=""></P><P><BR /></P></BODY></HTML> Mon, 23 Jul 2018 14:27:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11114#M58654 PhoneBoy 2018-07-23T14:27:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11115#M58655 <HTML><HEAD></HEAD><BODY><P>Not 100% as we don't manage the internal proxy but believe it is using a proxy.pac file.</P></BODY></HTML> Mon, 23 Jul 2018 15:08:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11115#M58655 Neil_Plastow 2018-07-23T15:08:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11116#M58656 <HTML><HEAD></HEAD><BODY><P>What I suspect is happening is that AV/IPS cannot see there's something to block until well after the connection is established (almost over in the case of AV).</P><P>As we are past the point of being able to inject any sort of redirect at that point,&nbsp;it's not possible for us to inject a&nbsp;UserCheck page.</P><P>As a result, we just drop the connection, which I assume the client proxy then picks up as an issue and displays its own page.</P><P>With an Anti-bot reputation, we can check that before a real connection is established and thus display a UserCheck page to the user.</P><P></P><P>The comment I was going to make about proxy.pac file is to make sure that connections redirected to the gateway itself are not sent through a proxy, which may already be happening.</P></BODY></HTML> Mon, 23 Jul 2018 15:28:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11116#M58656 PhoneBoy 2018-07-23T15:28:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11117#M58657 <HTML><HEAD></HEAD><BODY><P>Thanks for looking at this and answering the question, appreciated.</P></BODY></HTML> Mon, 23 Jul 2018 15:45:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Firewall-as-Proxy-and-Error-Pages/m-p/11117#M58657 Neil_Plastow 2018-07-23T15:45:44Z