Collaborator

Checkpoint Gateway Proxy Mode Configuration

We have an AD environment, and Checkpoint is in a cluster, OS Gaia R80.10.

We wanted to configure AD authentication and also enable the Checkpoint gateway as a non-transparent proxy.

I found the SK below, sk123673: Redirection to Captive Portal is not working when Security Gateway is configured as proxy

How can I configure the proxy with authentication or single sign-on?

Harmesh Yadav
Collaborator

Also, we wanted to use SSL VPN, so in this case both gateway mode and proxy mode are required.

Harmesh Yadav
Champion

I do not fully understand your question - sk123673 tells us that customers who want to use an R80.10 GW as a non-transparent proxy and UserCheck need a special hotfix from CP.

But I also have to add that using the GW as a proxy can have side effects (and it has a lot of other things to do ;-), so I always prefer Squid on a server as a proxy!

Collaborator

The exact need from Company A, without disturbing the topology of Company B, is below:

  1. Checkpoint Gateway in Proxy Mode (Explicit Proxy)
  2. AD authentication
  3. SSL VPN
  4. IP-based Internet and MPLS connectivity

Present Setup

-------------------------------------------------------------------

MPLS A and MPLS B are connected to the L3 switch.

Presently, users of Company B and Company A are using the internet through MPLS B.

== LAN user configured with proxy -> L3 Switch -> MPLS B -> Internet of Company B (different geo location)

== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

On the LAN side, the users behind the L3 switch (some users belong to Company A and some to Company B) are on the same LAN connectivity.

-------------------------------------------------------------------

Scenario after Checkpoint comes into the topology

User A wants internet from Checkpoint = User Company A -> L3 Switch -> Checkpoint Firewall -> Internet (ISP)

User B wants internet from MPLS B = User Company B -> L3 Switch -> MPLS B -> Internet of Company B (different geo location)

== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

-------------------------------------------------------------------

We need all of this in one cluster (two Checkpoint gateways) with R80.10 OS and MGMT in a VM.

So, I'm thinking of doing a proxy for Company A because we cannot forward default traffic to the Checkpoint firewall from the L3 switch by entering a default route. We can use a specific host route and achieve the proxy setup.

Harmesh Yadav
Collaborator

Please help me to solve this issue.

Harmesh Yadav
Champion

You could use CP Professional Services to do the configuration.

Admin

This is a situation where you'd probably want to use VSX.

Each company would be provided a virtual firewall, each of which could have a different default route without using a proxy.

The authentication piece should probably be done with Identity Awareness (specifically Identity Collector) without using Captive Portal, especially if AD is involved.

More info here: Identity Awareness R80.10 Administration Guide 
