This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dehaasm
Collaborator
‎2023-03-01 10:13 AM

Check Point Identity Awareness identity collector agent proxy bypass explicit proxy

Hi All,

I am trying to deploy a Identity Awareness identity collector agent on a server and to bypass the proxy server.

When we try to exclude the agent from the proxy traffic using command it does not work.

netsh winhttp set proxy proxy.company.com:80 "10.0.0.0/8"

Current WinHTTP proxy settings:

Proxy Server(s) : proxy.company.com:80
Bypass List : 10.0.0.0/8

Only when we configure netsh winhttp reset proxy to completely shutdown the proxy on OS level the agent connects successfully to the gateway.

I there any supported documented configuration possibly to exclude the only the IA identity collector agent from proxy traffic using netsh?

 

 

0 Kudos
8 Replies
Sorin_Gogean
Advisor
‎2023-03-02 02:46 AM

Hello,

I don't remember seeing proxy options when I tested the Identity Client (still it was 1 year ago).
Anyway, is the FQDN that you are addressing your client covered by the 10.0.0.0/8 ? You might try to skip some domain or full FQDN, still I'm not convinced netsh supports that.

Thank you,

0 Kudos
dehaasm
Collaborator
‎2023-03-02 02:59 AM
In response to Sorin_Gogean

Hi Sorin,

Yes it is covered with that, only disabling the explicit proxy completely works, hence the reason for the question. If it is not (yet) supported by Check Point I would like to hear that.

0 Kudos
Sorin_Gogean
Advisor
‎2023-03-02 03:11 AM
In response to dehaasm

And with that set-up, you are seeing the Client traffic in the proxy logs ?
Can you try and do that exception at the user level, same time with the machine level. 

Could be that the Identity Client is started by user and not machine (just an ideea).

 

Ty,

0 Kudos
dehaasm
Collaborator
‎2023-03-02 03:40 AM
In response to Sorin_Gogean

Yes with the netsh http proxy reset command we see the logs coming into the gateway and the trust is established.

0 Kudos
Sorin_Gogean
Advisor
‎2023-03-02 04:22 AM
In response to dehaasm

No, no, no, I was asking if you are seeing traffic towards the GW from Identity client in the proxy logs. 

Also you did not tell me anything if you have set the proxy on User ?

 

Ty,

PS: according to some, the domains or FQDN can be also in the bypass list... 'could use this format. netsh winhttp set proxy proxy-server="192.168.2.2:8080" bypass-list="*.ourdomain.com;*.yourdomain.com*"'
So give that a try....

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-02 12:21 PM

@Royi_Priov can you have someone on your team comment on this?

0 Kudos
dehaasm
Collaborator
‎2023-03-17 01:40 AM
In response to PhoneBoy

no answer from internally is it supported to have explicit proxy with IA agent installed?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-17 04:17 PM
In response to dehaasm

I tagged the wrong person.
@Liel_Shaish can you or someone on the team comment on this?

I would also ask the TAC if you haven't already.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events