Create a Post
Showing results for 
Search instead for 
Did you mean: 

Is http/https proxy needed to replace old proxy with CP gateway?

We are going to replace our old proxy with our CP gateway using the blades Firewall, Application Control, URL Filtering, Anti-Bot, Anti-Virus, Identity Awareness and Content Awareness

I do not see the point to configure the CP gateway as HTTP/HTTPS Proxy since all the functionality is pretty much covered using the blades and policies. In fact, it would slow the connection. Am I missing anything? The only situation in which we might still need a proxy configuration is for applications that access the Internet using a proxy in our infrastructure and we cannot change that.

We already have some devices that are no using the Proxy but using CP with the blades and policies, and it works very well. Only having some problems when using https inspection.

Thanks in advance

0 Kudos
3 Replies

If your default route doesn't go through the gateway, or you have some apps that require proxy use, then you might have to configure explicit proxy on the Check Point gateway.
Otherwise there's no reason to use proxy mode.

Keep in mind that when you want to or need to use the explicit proxy functionality, that you will need a bigger fw, as all the sessions will be from client to gateway and from gateway to internet there is nothing that can be accelerated.
We have one customer where we run the Proxy for a 800Mb connection and about 3000 users with a 15600 HA cluster and this can barely keep up.
Regards, Maarten

Thanks! if we have some apps that require proxy use, my understanding is that I can configure a explicit proxy for these apps using port 8080, but for the rest of traffic will go trough the gateway in http/https ports and no proxy mode.
0 Kudos