We don't appear to be able to get a NAT rule to apply on traffic on an internal interface of a Gaia security gateway.
Background:
We have been using Squid proxies for over 20 years and have a variety of systems and deployment tools that have the proxy hard coded (cache.lair.co.za:3128). Whilst it is possible to enable a proxy service on security gateways and edit the default port (8080) to match our legacy environment, application control doesn’t work due to them being written only to match on direct connections (tcp:80 and tcp:443) and HTTP and HTTPS proxy connections on tcp:8080.
We subsequently have to leave the security gateway proxy port configured as 8080 and wanted to create a NAT rule to redirect inbound connections towards the security gateway on 3128 to 8080.
What we did:
[davidh@zajnb01-kvm2c ~]# telnet cache.lair.co.za 8080
Trying 100.127.254.1...
Connected to cache.lair.co.za (100.127.254.1).
Escape character is '^]'.
[davidh@zajnb01-kvm2c ~]# telnet cache.lair.co.za 3128
Trying 100.127.254.1...
telnet: connect to address 100.127.254.1: Connection refused
Are there restrictions on NAT policies that I'm perhaps unaware of?
| User | Count |
|---|---|
| 31 | |
| 13 | |
| 13 | |
| 10 | |
| 10 | |
| 7 | |
| 5 | |
| 5 | |
| 4 | |
| 3 |
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
