This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Soenke_Weiss1
Participant
‎2025-07-25 04:42 AM
Jump to solution

How to disable http redirect on multiportal/visitor mode

Hello,

 

My customer is using visitor mode so multiportal is running on the external interface. traffic to https://pu.bl.ic.ip is dropped on multiportal correctly. All good so far.  But curling http://pu.bl.ic.ip we receive a redirect to the internal IP address  like this:

master@myhost:~# curl -v -k -H "Host:" http://pu.bl.ic.ip
* Trying pu.bl.ic.ip:80...
* Connected to pu.bl.ic.ip (pu.bl.ic.ip) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.88.1
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 301 Moved Permanently
< Location: https://in.ter.nal.ip
<
* Closing connection 0

Traffic is still dropped on multiportal and port 80, all good, but:

Problem is that Nessus is reporting this as a really old IIS related vulnerability (refer to Solved: CVE-2000-0649 Vulnerability - Check Point CheckMatesplus my customer understandably doesn't want his internal IP disclosed externally. 

This is on a Spark 1900 appliance, I don't know whether it'S specifically for this appliance or if 'Real' GAiA has the same behaviour.

How can I disable this redirect?

Thanks,

Soenke

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-07-25 07:08 AM
Jump to solution

SMB devices don't have multiportal @the_rock but they do have the redirect on port 80.
The first part of this (setting the multi_portal_allow_redirect kernel variable to zero) should fix this.
https://support.checkpoint.com/results/sk/sk165937 

View solution in original post

4 Replies
the_rock
MVP Diamond
MVP Diamond
‎2025-07-25 06:20 AM
Jump to solution

What does mpclient list command show?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-25 07:08 AM
Jump to solution

SMB devices don't have multiportal @the_rock but they do have the redirect on port 80.
The first part of this (setting the multi_portal_allow_redirect kernel variable to zero) should fix this.
https://support.checkpoint.com/results/sk/sk165937 

Soenke_Weiss1
Participant
‎2025-07-30 07:06 AM
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy, this works on SMB appliances as well.

the_rock
MVP Diamond
MVP Diamond
‎2025-07-30 07:15 AM
In response to Soenke_Weiss1
Jump to solution

Good to know!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events