Collaborator

Checkpoint Gateway Proxy Mode Configuration

We have an AD environment, and the Checkpoint is in a cluster with OS Gaia R80.10.

We wanted to configure AD authentication and also enable the Checkpoint gateway as a non-transparent proxy.

I found the SK below, sk123673: Redirection to Captive Portal is not working when Security Gateway is configured as proxy

How can I configure the proxy with authentication or single sign-on?

Harmesh Yadav
0 Kudos
6 Replies
Collaborator

Also, we wanted to use SSL VPN, so in this case both gateway mode and proxy mode are required.

Harmesh Yadav
0 Kudos
Champion

I do not fully understand your question - sk123673 tells us that customers who want to use R80.10 GW as a non-transparent proxy and UserCheck need a special Hotfix from CP.

But I also have to add that using the GW as a proxy can have side effects (and it has a lot of other things to do ;-), so I always prefer squid on a server as a proxy!

Collaborator

The exact need is below, from COMPANY A, without disturbing the topology of Company B:

  1. Checkpoint Gateway in Proxy Mode (Explicit Proxy)
  2. AD authentication
  3. SSL VPN
  4. IP-based Internet and MPLS connectivity

Present Setup

-------------------------------------------------------------------

MPLS A and MPLS B are connected with the L3 switch.

Presently, users of Company B and Company A are using internet through MPLS B.

== LAN user configured with proxy -> L3 switch -> MPLS B -> Internet of Company B (different geo location)

== LAN user who wanted to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

On the LAN side, the users behind the L3 switch (some users are related to Company A and some users are Company B) are on the same LAN connectivity.

-------------------------------------------------------------------

Scenario after Checkpoint comes into the topology

User A wants internet from Checkpoint = User Company A -> L3 switch -> Checkpoint firewall -> Internet (ISP)

User B wants internet from MPLS B = User Company B -> L3 switch -> MPLS B -> Internet of Company B (different geo location)

== LAN user who wanted to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

-------------------------------------------------------------------

We need all of this in one cluster (two Checkpoint gateways) with R80.10 OS and MGMT in a VM.

So, I'm thinking of doing proxy for Company A because we cannot forward default traffic to the Checkpoint firewall from the L3 switch by entering a default route. We can use a specific host route and achieve the proxy setup.

Harmesh Yadav
0 Kudos
Collaborator

Please help me to solve this issue.

Harmesh Yadav
0 Kudos
Champion

You could use CP Professional Services to do the configuration.

0 Kudos
Admin

This is a situation where you'd probably want to use VSX.

Each company would be provided a virtual firewall, each of which could have a different default route without using a proxy.

The authentication piece should probably be done with Identity Awareness (specifically Identity Collector) without using Captive Portal, especially if AD is involved.

More info here: Identity Awareness R80.10 Administration Guide 

0 Kudos