This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
Authority
Authority
‎2023-02-10 12:36 AM

Gateway as HTTP/HTTPS Proxy

We have a requirement to use a gateway as HTTP / HTTPS proxy for around 25.000 clients. I'm not really happy in the past with the proxy feature on Check Point appliances and I know the limitation. We are in discussion with the local SEs but I want to ask here and maybe someone has experience wiht the newer releases and the proxy feature.

The gateway should be the proxy for the clients and forward the traffic to internet or another proxy and we want to do some URL-filtering on this traffic.

Any suggestion are welcome.

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-02-10 01:15 AM

Sizing is the primary concern since all traffic will be F2F, refer:

sk92482 - Performance impact from enabling HTTP/HTTPS Proxy functionality

CCSM R77/R80/ELITE
Wolfgang
Authority
Authority
‎2023-02-10 01:26 AM
In response to Chris_Atkinson

@Chris_Atkinson Yes I know. We are running an Maestro environment and it's no problem to add more appliances. This is the real benefit of Maestro. Does Check Point knows such a solution with proxy feature enbled ?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-10 01:36 AM
In response to Wolfgang

In practice I've personally only seen this done across multiple discrete gateways / clusters using WPAD/PAC or DNS-RR to load-balance.

Possibly something you could replicate with multiple SGs.

Would recommend having your SE engage with Solution Center to arrive at the correct approach.

CCSM R77/R80/ELITE
0 Kudos
Gojira
Collaborator
Collaborator
‎2023-02-10 01:50 AM
In response to Wolfgang

It being maestro i would also do an estimation of connection numbers.

As the connection number limit in Maestro i much lower than on the regular gateway.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-10 04:32 AM
In response to Gojira

Whilst true to extent it depends on the exact number & model of gateways (and their memory population) used as to exactly how relevant that is to a given deployment.

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    CheckMates Events