This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mjcymru
Explorer
‎2020-07-14 01:41 AM

XFF stripping

Hi, we are seeing XFF headers coming from our application traffic management device that goes through our checkpoint ending up at our webserver. At some point the Checkpoint is stripping the XFF header before it hits the web server and we just see xxxxxxxx

The interface this leaves the checkpoint has the option "interface leads to dmz" and is the only one that does.  Is this likely to be the cause of the header being removed?

what are the knock-ons of removing this option and are there other ways we can achieve this?

Thanks!

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2020-07-14 03:11 AM

Please look here and let me know if it helps: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You can control stripping, it's described in the SK

0 Kudos
mjcymru
Explorer
‎2020-07-14 03:18 AM
In response to _Val_


Thanks for the reply, We have those options enabled including 'Hide X-Forwarded-For in outgoing traffic' and when we disable this it works though we wouldn't want XFF going out beyond our network either, if this is a possibility?

0 Kudos
_Val_
Admin
Admin
‎2020-07-14 03:48 AM
In response to mjcymru

Yes, it is possible. The SK I have provided you, it has the config steps and also troubleshooting options. If you still cannot achieve the goal, please open a support request.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events