This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2021-07-26 08:23 PM

Cloudguard Appsec Integration with existing nginx reverse proxy

Hi Team,

Does AppSec works with nginx reverse proxy? Lets say I have 5 portals behind nginx reverse proxy as a on-prem server.

Can I -

  • Deploy on-prem Nginx integration with AppSec
  • Also we are deciding to move to the cloud wondering then can we move to the cloud?

 

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
11 Replies
Nir_Shamir
Employee Employee
Employee
‎2021-07-27 01:31 AM

Hi,

You can deploy our Agent on a Linux Server with NGINX deployed on it.

I have done it in a lab environment and it worked with no issues.

When you move to a cloud environment you can just deploy another agent in the new deployment on the server or as a CloudGuard AppSec Gateway to protect it.

Blason_R
Leader
Leader
‎2021-07-27 05:51 AM
In response to Nir_Shamir

Hi,

What if I have multiple portals configured in reverse proxy? Can single agent detect those multiple portals? How are the SKUs per portal or per agent.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-07-27 06:23 AM
In response to Blason_R

I think the license is per amount of requests or something like that.

anyway you configure on the Agent the IP addresses that it needs to protect so if the requests are going to IP addresses on that server then he will protect all of the portals.

0 Kudos
Blason_R
Leader
Leader
‎2021-07-27 06:30 AM
In response to Nir_Shamir

Thanks man - the Idea is currently we are using mod_sec and protecting apps like

  • example.com
  • test.testing.com
  • one.notsecurenet.in

etc..

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Shay_Levin
Admin
Admin
‎2021-07-27 10:48 PM
In response to Blason_R

Hi @Blason_R , 

If you need help with deployment, let me know and i will make sure you will get assistance.

0 Kudos
Blason_R
Leader
Leader
‎2021-07-27 11:03 PM
In response to Shay_Levin

Thanks Shay - Since we have done numerous Nginx reverse proxy installations we are pretty confident on it. However I am replicating and testing in my partner portal account and in my test environment. So far is going good and have integrated with nginx.

Once I am confident we then can replicate the same story with our customers as Nginx reverse proxy. However I am confused about commercials and workings.

lets discuss that later for sure - Let me first finish the technical part and if I am stuck will contact you for sure.

 

TIA

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Blason_R
Leader
Leader
‎2021-07-28 08:07 PM
In response to Blason_R

Thanks Guys!! It worked perfectly with my test setup and nginx reverse proxy. 😀

Trying few more scenarios with multiple URLs.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Preview file
63 KB
Preview file
65 KB
0 Kudos
Blason_R
Leader
Leader
‎2021-07-28 09:33 PM
In response to Blason_R

Hi @Shay_Levin 

I am facing this unique issue in further testing. Now my reverse proxy holds two URLs

www.hackme.com

www.box.com

I created two assets for two different websites. However both my websites are getting blocked by Check Point Infinity agent even though I set the profile accordingly. Now for testing purpose I stopped the agent with cpnano -q and both the sites started accessing properly. However when I start the agent it blocks again.

Any reason why?

I restarted the agent but its still blocking the legitimate requests

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Preview file
19 KB
Preview file
53 KB
Preview file
40 KB
Preview file
40 KB
Preview file
63 KB
Preview file
17 KB
0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-07-29 04:02 AM
In response to Blason_R

@Blason_R  what do you see in the logs ? what is the reason it was blocked ?

could be that the site is vulnerable ?

0 Kudos
Blason_R
Leader
Leader
‎2021-07-30 07:33 PM
In response to Nir_Shamir

Thanks @Nir_Shamir I had a offline discussion with Shay, Gal and Eyal and found the issue. Well certain features are still in EA and have activated prevent mode directly without learning mode.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Blason_R
Leader
Leader
‎2021-08-02 01:25 AM
In response to Blason_R

Thanks a lot @Shay_Levin  for helping me out on resolving the issue. It was due to the setting on asset for blocking non-relevant applications and since my web server was listening on other portal request is being blocked by agent.

We added the setting in nginx web server and bypassed that location.

Thanks a lot Team!!

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events