Ivory

Submit a HTTP 200 Ok response from firewall

Not sure if the following rule can be created on a Check Point firewall?

- Device on an internal network sends a request to an external URL (example.com)

- Firewall intercepts request to (example.com) and checks if requesting device is using a specific wireless SSID (examplessid)

- If (examplessid) is being used by the device, return a HTTP 200 Ok response to the device.

0 Kudos
3 Replies
Admin

Re: Submit a HTTP 200 Ok response from firewall

Not sure I understand what the end goal is here, can you elaborate?
Note that SSID is not something we'll see unless we're talking about an SMB appliance that is actually serving the SSID itself.
0 Kudos

Re: Submit a HTTP 200 Ok response from firewall

Hello,

I'm afraid that not even an intercepting proxy would get the information you are looking for. That is not information exchanged in HTTP communication.

You can however view SSIDs by capturing traffic on the firewall's appropriate interface (the one that belongs to the same broadcast domain as the client) and then view it on Wireshark.

Feel free to clarify what you intend to do so we can help you more.

I hope this helps.

 

0 Kudos
Copper

Re: Submit a HTTP 200 Ok response from firewall

Would checking the source subnet be good enough rather than SSID? I can't think of any reason how someone would end up in the subnet without being on that specific SSID.

As for tampering/injecting responses, I don't think a firewall is the right tool for that job. What you could do is create a NAT rule that says:

src: (WLAN subnet)

destination: 1.1.1.1 (whatever the example domain is)

xlate destination: 192.168.1.1 (a webserver you host or on the Internet that will always respond with 200 Ok)

Then if the user is not on the correct SSID they won't match the NAT rule.

0 Kudos
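
The web server that the NAT suggestion above translates to, sketched as an added example (not code from the thread or from any poster): it answers 200 OK on any path and also checks the source address against the WLAN subnet, so traffic that reaches it from elsewhere stands out. The subnet `10.20.30.0/24`, port 8080 and all names are assumptions.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed value: the thread only says "(WLAN subnet)".
WLAN_SUBNET = ipaddress.ip_network("10.20.30.0/24")


def status_for(client_ip):
    """200 for sources inside the WLAN subnet, 403 for anything else.

    Destination NAT leaves the source address untouched, so the server
    still sees the client's WLAN address (assuming no hide NAT on the path).
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return 403
    return 200 if addr in WLAN_SUBNET else 403


class AlwaysOk(BaseHTTPRequestHandler):
    def _answer(self):
        status = status_for(self.client_address[0])
        body = b"OK\n" if status == 200 else b"Forbidden\n"
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    # Same answer for every method and path the client may use.
    do_GET = do_HEAD = do_POST = _answer

    def log_message(self, fmt, *args):
        # Log source and requested Host so unexpected traffic is visible.
        headers = getattr(self, "headers", None)
        host = headers.get("Host", "-") if headers else "-"
        print(f"{self.client_address[0]} host={host} {fmt % args}")


def serve(bind="0.0.0.0", port=8080):
    # Port 8080 is an assumption; the NAT rule in the thread does not change the port.
    ThreadingHTTPServer((bind, port), AlwaysOk).serve_forever()


if __name__ == "__main__":
    serve()
```

If the client requests example.com over HTTPS, a plain-HTTP responder like this will not satisfy it, since the client expects a TLS handshake and a certificate valid for that name.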