Andre91
Explorer

CRL Download via LDAP with HTTP-Proxy

Hey Check Point team and community,

We set up our HTTP(S) proxy on our ClusterXL. Now we have the following problem:

One of our endpoints wants to download CRL lists via LDAP. It connects to the proxy service on the Check Point and gets dropped.

We added an access-role with service/application "Certificate Revocation List" and even added port tcp/389 to the application, but the rule doesn't get a hit.

A further rule with LDAP in the service/application column doesn't get a hit. Just the drop rule matches.

How can I get this to work?

Thanks and best regards

0 Kudos
3 Replies
Chris_Atkinson
Employee

Non-web traffic wouldn't typically reference the Check Point proxy unless routed toward it via a default route.

What does the drop log tell you about why the traffic isn't matching?

CCSM R77/R80/ELITE
0 Kudos
Andre91
Explorer

Hey @Chris_Atkinson and thanks for the quick reply.

We have multiple sublayers configured. If a source matches, it gets a layer deeper and goes over the allow-rules till it gets dropped. In this case I get two log records for the drop rule. One with blade URL Filtering, one with Firewall.

I try to send you the screenshot via private chat.

Regards

0 Kudos
Chris_Atkinson
Employee

Replied to your message.

CCSM R77/R80/ELITE
0 Kudos
