We have an AD environment, and Check Point is in a cluster, OS Gaia R80.10.
We wanted to configure AD authentication and also enable the Check Point gateway as a non-transparent proxy.
I found the SK below, sk123673: Redirection to Captive Portal is not working when Security Gateway is configured as proxy
How can I configure the proxy with authentication or single sign-on?
We also wanted to use SSL VPN, so in this case both gateway mode and proxy mode are required.
I do not fully understand your question - sk123673 tells us that customers who want to use R80.10 GW as a non-transparent proxy and UserCheck need a special Hotfix from CP.
But I also have to add that using the GW as a proxy can have side effects (and it has a lot of other things to do ;-), so I always prefer squid on a server as a proxy!
The exact need is below, from Company A, without disturbing the topology of Company B
Present Setup
-------------------------------------------------------------------
MPLS A and MPLS B are connected with the L3 switch
Presently, users of Company B and Company A are using the internet through MPLS B
== LAN user configured with proxy -> L3 Switch -> MPLS B -> Internet of Company B (different geo location)
== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server
On the LAN side, the users are behind the L3 switch (some users belong to Company A and some users to Company B), on the same LAN connectivity.
-------------------------------------------------------------------
Scenario after Check Point comes into the topology
User A wants internet from Check Point = User Company A -> L3 Switch -> Check Point Firewall -> Internet (ISP)
User B wants internet from MPLS B = User Company B -> L3 Switch -> MPLS B -> Internet of Company B (different geo location)
== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server
-------------------------------------------------------------------
We need all of this in one cluster (two Check Point gateways) with R80.10 OS and management in a VM
So, I'm thinking of doing a proxy for Company A, because we cannot forward default traffic to the Check Point firewall from the L3 switch by entering a default route. We can use a specific host route and achieve the proxy setup
Please help me to solve this issue.
You could use CP Professional Services to do the configuration.
This is a situation where you'd probably want to use VSX.
Each company would be provided a virtual firewall, each of which could have a different default route without using a proxy.
The authentication piece should probably be done with Identity Awareness (specifically Identity Collector) without using Captive Portal, especially if AD is involved.
More info here: Identity Awareness R80.10 Administration Guide