This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Uttam_Ghole
Explorer
‎2022-06-29 05:50 AM

Proxy Exception for destination 169.254.169.254 on security gateway

I am using AWS cloud checkpoint gateway.

Till now my cloud security gateways were not having internet access.

But in future we required internet access for checkpoint gateway to access checkpoint URl via my infra proxy. 

We configured proxy in security gateway through GUI, but this creating one challenge to gateway for accessing AWS metadata while failover happens.

AWS cloud checkpoint gateway do api call to ip 169.254.169.254. As this HTTP call, once proxy configured it gets redirected via proxy. But we dont want this to be redirected to proxy. We wanted to have proxy exception similar to LINUX machine like NO_PROXY configuration. 

Can anyone suggest, how to achieve this?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2022-07-05 01:10 PM

As far as I know, once you configure a proxy, it applies to all traffic (including traffic to 169.254.169.254).
That would make this "as designed" behavior.
Having said that, you should open a TAC case as, at least in that environment, one could classify it as a bug.

0 Kudos
johnnyringo
Advisor
‎2022-07-07 10:28 AM

I have the same requirement in GCP - We want the CheckPoint to use a proxy for Internet access, but not for Google Private Access (199.36.153.8/30) as it creates excess traffic on the proxy and any peering connections required to reach the proxy.  

The proxy is configured at the Gaia OS level and I don't see any options to have exceptions.   So this is likely more of a feature request than a bug, but it's a feature that applies to any environment, not just cloud or AWS.

0 Kudos
Eva_K
Employee Alumnus
Employee Alumnus
‎2022-07-13 04:00 AM
In response to johnnyringo

Per my comment above, please submit an RFE to get this ability.

0 Kudos
johnnyringo
Advisor
‎2022-07-13 09:06 AM
In response to Eva_K

Thanks, request has been submitted

0 Kudos
Eva_K
Employee Alumnus
Employee Alumnus
‎2022-07-13 03:59 AM

Please submit an RFE to get this ability.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events