This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
martyn
Explorer
‎2025-06-25 09:30 AM

Web Smartconsole and reverse proxies.

Hi,

I would like to be able to setup behind a reverse proxy (portal vIP) browser access to multiple Provider-1 domains for access to the <...>/smartconsole service.

It is easy enough to configure a vIP/port (on https://100.64.20.27:801 say ) and to have that map through to a customer-1 domain (100.624.20.29/443. However when you then logon to that domain the Checkpoint web server (CPWS) at the end of the logon connection then sends the following:

 

{"data":{"loginToDomain":{"transportOtt":"107ad894-253d-4638-aa31-1c3e7d23172a","transportUrl":"https://100.64.20.29:443/smartconsole/transport","__typename":"LoginToDomainResponse"}}}

This of course breaks/redirects the browser connection from 100.64.20.27 to 100.64.20.29 and I would expect that the same happens for all of the domains that the Provider-1 is holding. This means that all the domain mgmt IPs are being pushed through to the browser, precluding any possability of being behind a reverse proxy.

Does anyone know how to go about achieving this?

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2025-06-25 04:03 PM

Hmmm might be something to consider as a use case.
Tagging @Tomer_Noy 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-06-25 05:36 PM

I know one customer I work with was advised by their SE to submit RFE for this...not sure if anything ever came out of that, but this was 3 years ago.

Andy

Best,
Andy
0 Kudos
Ofir_Calif
Employee
Employee
‎2025-06-29 12:51 AM

Hi,

Thank you for your question. Unfortunately, Web SmartConsole does not support reverse proxy configurations for MDS environments.

Best regards,
Ofir



martyn
Explorer
‎2025-06-30 02:35 AM
In response to Ofir_Calif

Ofir,

 

Thanks for the confirmation. I would like to see CP correct this setup if possible. Being able to present a logs/policy view more widely without requiring the use of any specific binaries/applications i.e the MDG/SmartConsole would be very useful. But requiring that the internal Domain/CMA IPs have to be used by that wider distribution strikes me as a bit poor and not what I would hope to see from a Security Company.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events