Egress Internet Traffic from Single Gateway host i...

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
  - Czech Republic and Slovakia
  - Denmark
  - Netherlands
  - Germany
  - Sweden
  - United Kingdom and Ireland
  - France
  - Spain
  - Norway
  - Ukraine
  - Baltics and Finland
  - Greece
  - Portugal
  - Austria
  - Kazakhstan and CIS
  - Switzerland
  - Romania
  - Turkey
  - Belarus
  - Belgium & Luxembourg
  - Russia
  - Poland
  - Georgia
  - DACH - Germany, Austria and Switzerland
  - Iberia
  - Africa
  - Adriatics Region
  - Eastern Africa
  - Israel
  - Nordics
  - Middle East and Africa
  - Balkans
  - Italy
  - Bulgaria
  - Cyprus
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Open Garden In Action:
Find and Remediate Threats Everywhere!

New Appliance Announcements
and Faster Threat Prevention

Watch Now!

Remote Access VPN – User Experience
Help us with the Short-Term Roadmap

Take the Survey

It's Here!
CPX 2025 Content

Get It Now

CheckMates Go:
AI Agents

Listen Now

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
Egress Internet Traffic from Single Gateway host i...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

jfelix

Participant

‎2025-06-04 05:27 PM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Egress Internet Traffic from Single Gateway host in Azure blocked via AWS WAF -HostingProviderIPList

Hi There,
We are an MSP that has a number of clients configured with Azure Hosted Citrix deployments. Egress/Ingress internet traffic is filtered by R82.0 Azure hosted Security Gateway and managed by Smart-1 Cloud Saas Platform.

We are finding random egress traffic is blocked by AWS hosted sites WAF, and i believe this is due to provider utilizing the HostingProviderIPList reputation rules. Additionally we found services like Youtube are now forcing users to sign in when connections are detected from Azure.

We understand we can utilize Azure BYOD PIP service, but from the R&D i have completed it seems the clients need to use /24 PIP as a minimum. Most of the clients aren't large enough to consider this.

While the issue has nothing to do with Checkpoint NVA, i was hopefully of finding any real-life experience on how others have handled this situation without having to change the entire client egress internet flow. On the surface, configuring the NVA to forward egress traffic to a forward proxy sounds like a viable option, but have been unable to find too much technical info around if such an option exists.

thanks in advance