Create a Post
Uttam_Ghole
Explorer

Proxy Exception for destination 169.254.169.254 on security gateway

I am using AWS cloud checkpoint gateway.

Till now my cloud security gateways were not having internet access.

But in future we required internet access for checkpoint gateway to access checkpoint URl via my infra proxy. 

We configured proxy in security gateway through GUI, but this creating one challenge to gateway for accessing AWS metadata while failover happens.

AWS cloud checkpoint gateway do api call to ip 169.254.169.254. As this HTTP call, once proxy configured it gets redirected via proxy. But we dont want this to be redirected to proxy. We wanted to have proxy exception similar to LINUX machine like NO_PROXY configuration. 

Can anyone suggest, how to achieve this?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

As far as I know, once you configure a proxy, it applies to all traffic (including traffic to 169.254.169.254).
That would make this "as designed" behavior.
Having said that, you should open a TAC case as, at least in that environment, one could classify it as a bug.

0 Kudos
johnnyringo
Collaborator

I have the same requirement in GCP - We want the CheckPoint to use a proxy for Internet access, but not for Google Private Access (199.36.153.8/30) as it creates excess traffic on the proxy and any peering connections required to reach the proxy.  

The proxy is configured at the Gaia OS level and I don't see any options to have exceptions.   So this is likely more of a feature request than a bug, but it's a feature that applies to any environment, not just cloud or AWS.

0 Kudos
Eva_K
Employee
Employee

Per my comment above, please submit an RFE to get this ability.

0 Kudos
johnnyringo
Collaborator

Thanks, request has been submitted

0 Kudos
Eva_K
Employee
Employee

Please submit an RFE to get this ability.

0 Kudos