
Checkpoint Gateway Proxy Mode Configuration

We have an AD environment, and Checkpoint is in a cluster, OS Gaia R80.10.

We wanted to configure AD authentication and also enable the Checkpoint gateway as a non-transparent proxy.

I found the SK below, sk123673: Redirection to Captive Portal is not working when Security Gateway is configured as proxy

How can I configure the proxy with authentication or single sign-on?

0 Kudos
6 Replies

Re: Checkpoint Gateway Proxy Mode Configuration

Also, we wanted to use SSL VPN, so in this case both gateway mode and proxy mode are required.

0 Kudos

Re: Checkpoint Gateway Proxy Mode Configuration

I do not fully understand your question - sk123673 tells us that customers who want to use an R80.10 GW as a non-transparent proxy and UserCheck need a special Hotfix from CP.

But I also have to add that using the GW as a proxy can have side effects (and it has a lot of other things to do ;-), so I always prefer Squid on a server as a proxy!

Re: Checkpoint Gateway Proxy Mode Configuration

The exact need is below, from COMPANY A, without disturbing the topology of Company B:

  1. Checkpoint Gateway in Proxy Mode (Explicit Proxy)
  2. AD authentication
  3. SSL VPN
  4. IP-based Internet and MPLS connectivity.

Present Setup

-------------------------------------------------------------------

MPLS A and MPLS B are connected with the L3 Switch

Presently, users of Company B and Company A are using internet through MPLS B

== LAN user configured with proxy -> L3 Switch -> MPLS B -> Internet of Company B (different GEO location)

== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

On the LAN side, users are behind the L3 Switch (some users are related to Company A and some users are Company B) in the same LAN connectivity.

-------------------------------------------------------------------

Scenario after Checkpoint comes into the topology

User A wants internet from Checkpoint = User Company A -> L3 Switch -> Checkpoint Firewall -> Internet (ISP)

User B wants internet from MPLS B = User Company B -> L3 Switch -> MPLS B -> Internet of Company B (different GEO location)

== LAN user who wants to use the application behind MPLS A -> L3 -> MPLS A -> Application Server

-------------------------------------------------------------------

We need all of this in one cluster (two Checkpoint gateways) with R80.10 OS and MGMT in a VM.

So, I'm thinking of doing proxy for Company A because we cannot forward default traffic to the Checkpoint firewall from the L3 Switch by entering a default route. We can use a specific host route and achieve the proxy setup.

0 Kudos

Re: Checkpoint Gateway Proxy Mode Configuration

Please help me to solve this issue.

0 Kudos

Re: Checkpoint Gateway Proxy Mode Configuration

You could use CP Professional Services to do the configuration.

0 Kudos
Admin

Re: Checkpoint Gateway Proxy Mode Configuration

This is a situation where you'd probably want to use VSX.

Each company would be provided a virtual firewall, each of which could have a different default route without using a proxy.

The authentication piece should probably be done with Identity Awareness (specifically Identity Collector) without using Captive Portal, especially if AD is involved.

More info here: Identity Awareness R80.10 Administration Guide 

0 Kudos