- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
We have ad environment and checkpoint is in cluster OS Gaia R80.10.
We wanted to configure ad authentication and also enable checkpoint gateway as a non-transparent proxy .
I found below SK sk123673 :- Redirection to Captive Portal is not working when Security Gateway is configured as proxy
How can I configure Proxy with authentication or single sign on
Also we wanted to user SSL VPN so in this case gateway mode and proxy mode both mode is require
G_W_Albrecht
I do not fully understand your question - sk123673 tells us that for customers who want to use R80.10 GW as a non-transparent proxy and UserCheck needs a special Hotfix from CP.
But i also have to add that using the GW as a proxy can have side effects (and it has a lot of other things to do ;-), so i always prefer squid on a server as a proxy!
Exact need is below From COMPANY A without disturbing topology of Company B
Present Setup
-------------------------------------------------------------------
MPLS A and MPLS B is connected with L3 Switch
Presently Users Of Company B and Company A are using internet through MPLS B
== LAN USER configured with Proxy à L3 Switchà MPLS B à Internet of Company B ( Different GEO Location )
== LAN User Who wanted to use Application behind mpls A à L3 à MPLS Aà Application Server
In lan side user which is behind l3 Switch (some users is related to Company A and Some users are Company B ) In same lan connectivity .
-------------------------------------------------------------------
Scenario after checkpoint comes in topology
User A want internet from checkpoint = User Company A -à L3 Switch -à Checkpoint Firewall -à Internet (ISP)
User B want internet from MPLS B = User company B à L3 Switch à MPLS B -à Internet of Company B ( Different GEO Location )
== LAN User Who wanted to use Application behind mpls A à L3 à MPLS Aà Application Server
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This all we need in one cluster (Two Checkpoint Gateway ) With R80.10 OS and MGMT IN VM
So, I'm thinking to do proxy for Company A because we cannot forward default traffic to checkpoint firewall from L3 Switch to entering default route. We can user specific host route and achieve proxy setup
Please help me to solve this issue .
G_W_Albrecht
You could use CP Professional Services to do the configuration.
PhoneBoy
This is a situation where you'd probably want to use VSX.
Each company would be provided a virtual firewall, each of which could have a different default route without using a proxy.
The authentication piece should probably be done with Identity Awareness (specifically Identity Collector) without using Captive Portal, especially if AD is involved.
More info here: Identity Awareness R80.10 Administration Guide
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY