Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
michaela
Explorer

Submit a HTTP 200 Ok response from firewall

Not sure if the following rule be created on a Check Point firewall?

- Device on an internal network sends a request to an external URL (example.com)

- Firewall intercepts request to (example.com) and checks if requesting device is using a specific wireless SSID (examplessid)

- If (examplessid) is being used by the device, return a HTTP 200 Ok response to the device.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

Not sure I understand what the end goal is here, can you elaborate?
Note that SSID is not something we'll see unless we're talking about an SMB appliance that is actually serving the SSID itself.
0 Kudos
Nick_Doropoulos
Advisor

Hello,

I'm afraid that not even an intercepting proxy would get the information you are looking for. That is not information exchanged in HTTP communication.

You can however view SSIDs by capturing traffic on the firewall's appropriate interface (the one that belongs to the same broadcast domain as the client) and then view it on Wireshark.

Feel free to clarify what you intend to do so we can help you more.

I hope this helps.

 

0 Kudos
Ryan_Ryan
Advisor

Would checking the source subnet be good enough rather than SSID. I can't think of any reason how someone would end up in the subnet without being on that specific SSID.

 

as for tampering/injecting responses, I don't think a firewall is the right tool for that job. What you could do is create a NAT rule that says 

src: (WLAN subnet)

destination: 1.1.1.1 (whatever the example domain is)

xlate destination: 192.168.1.1 (a webserver you host or on the Internet that will always respsond with 200 Ok.

 

Then if the user is not on the correct SSID they wont match the NAT rule.

 

 

 

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events