https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253950#M12977 <P>Hello,</P><P>&nbsp;</P><P>My customer is using visitor mode so multiportal is running on the external interface. traffic to <A href="https://pu.bl.ic.ip" target="_blank" rel="noopener">https://pu.bl.ic.ip</A>&nbsp;is dropped on multiportal correctly. All good so far.&nbsp; But curling <A href="http://pu.bl.ic.ip" target="_blank" rel="noopener">http://pu.bl.ic.ip</A>&nbsp;we receive a redirect to the internal IP address&nbsp; like this:</P><P>master@myhost:~# curl -v -k -H "Host:" <A href="http://pu.bl.ic.ip" target="_blank" rel="noopener">http://pu.bl.ic.ip</A><BR />* Trying pu.bl.ic.ip:80...<BR />* Connected to pu.bl.ic.ip (pu.bl.ic.ip) port 80 (#0)<BR />&gt; GET / HTTP/1.1<BR />&gt; User-Agent: curl/7.88.1<BR />&gt; Accept: */*<BR />&gt;<BR />* HTTP 1.0, assume close after body<BR />&lt; HTTP/1.0 301 Moved Permanently<BR />&lt; <STRONG>Location: <A href="https://in.ter.nal.ip" target="_blank" rel="noopener">https://in.ter.nal.ip</A></STRONG><BR />&lt;<BR />* Closing connection 0</P><P>Traffic is still dropped on multiportal and port 80, all good, but:</P><P>Problem is that Nessus is reporting this as a really old IIS related vulnerability (<A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">refer to </A><A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">Solved: CVE-2000-0649 Vulnerability - Check Point CheckMates</A><A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">)&nbsp;</A>plus my customer understandably doesn't want his internal IP disclosed externally.&nbsp;</P><P>This is on a Spark 1900 appliance, I don't know whether it'S specifically for this appliance or if 'Real' GAiA has the same behaviour.</P><P>How can I disable this redirect?</P><P>Thanks,</P><P>Soenke</P> Fri, 25 Jul 2025 11:52:09 GMT Soenke_Weiss1 2025-07-25T11:52:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253950#M12977 <P>Hello,</P><P>&nbsp;</P><P>My customer is using visitor mode so multiportal is running on the external interface. traffic to <A href="https://pu.bl.ic.ip" target="_blank" rel="noopener">https://pu.bl.ic.ip</A>&nbsp;is dropped on multiportal correctly. All good so far.&nbsp; But curling <A href="http://pu.bl.ic.ip" target="_blank" rel="noopener">http://pu.bl.ic.ip</A>&nbsp;we receive a redirect to the internal IP address&nbsp; like this:</P><P>master@myhost:~# curl -v -k -H "Host:" <A href="http://pu.bl.ic.ip" target="_blank" rel="noopener">http://pu.bl.ic.ip</A><BR />* Trying pu.bl.ic.ip:80...<BR />* Connected to pu.bl.ic.ip (pu.bl.ic.ip) port 80 (#0)<BR />&gt; GET / HTTP/1.1<BR />&gt; User-Agent: curl/7.88.1<BR />&gt; Accept: */*<BR />&gt;<BR />* HTTP 1.0, assume close after body<BR />&lt; HTTP/1.0 301 Moved Permanently<BR />&lt; <STRONG>Location: <A href="https://in.ter.nal.ip" target="_blank" rel="noopener">https://in.ter.nal.ip</A></STRONG><BR />&lt;<BR />* Closing connection 0</P><P>Traffic is still dropped on multiportal and port 80, all good, but:</P><P>Problem is that Nessus is reporting this as a really old IIS related vulnerability (<A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">refer to </A><A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">Solved: CVE-2000-0649 Vulnerability - Check Point CheckMates</A><A href="https://community.checkpoint.com/t5/General-Topics/CVE-2000-0649-Vulnerability/td-p/76157" target="_blank" rel="noopener">)&nbsp;</A>plus my customer understandably doesn't want his internal IP disclosed externally.&nbsp;</P><P>This is on a Spark 1900 appliance, I don't know whether it'S specifically for this appliance or if 'Real' GAiA has the same behaviour.</P><P>How can I disable this redirect?</P><P>Thanks,</P><P>Soenke</P> Fri, 25 Jul 2025 11:52:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253950#M12977 Soenke_Weiss1 2025-07-25T11:52:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253962#M12978 <P>What does mpclient list command show?</P> <P>Andy</P> Fri, 25 Jul 2025 13:20:44 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253962#M12978 the_rock 2025-07-25T13:20:44Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253966#M12981 <P>SMB devices don't have multiportal&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;but they do have the redirect on port 80.<BR />The first part of this (setting the&nbsp;multi_portal_allow_redirect kernel variable to zero) should fix this.<BR /><A href="https://support.checkpoint.com/results/sk/sk165937" target="_blank">https://support.checkpoint.com/results/sk/sk165937</A>&nbsp;</P> Fri, 25 Jul 2025 14:08:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/253966#M12981 PhoneBoy 2025-07-25T14:08:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/254267#M12993 <P>Thanks PhoneBoy, this works on SMB appliances as well.</P> Wed, 30 Jul 2025 14:06:13 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/254267#M12993 Soenke_Weiss1 2025-07-30T14:06:13Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/254268#M12994 <P>Good to know!</P> Wed, 30 Jul 2025 14:15:15 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/How-to-disable-http-redirect-on-multiportal-visitor-mode/m-p/254268#M12994 the_rock 2025-07-30T14:15:15Z