Hey all...
So.. does anyone know how to configure MultiPortal? No, I don't mean just the Mobile Access/Connectra/SSLVPN portal, or just the UserCheck Portal, and the individual ones. I mean "MULTIPORTAL" itself, the big one at the top.
I got the TLS protocol edits (SmartConsole - Global Properties - Advanced - Customize - Portal Properties - min/max). I got the TLS ciphers (cipher_util and multi_portal_cipher_priority.conf and 'fw fetch local'). However, what about the HTTP headers? I need to edit those for PCI compliance. Yes I saw the SK about PCI (sk138813), but that was just about the Mobile Access/SNX/CSHELL portal; my customers aren't using that.
I know the different URIs in the HTTP request get handed to the internal reverse proxies and alternate proxy ports, and each of those have their own configurations (wow, what a zoo this is!). Things get more exciting if you move the Gaia/API portal to an alternate port in CLISH (set web ssl-port ...), in which case that's in another config (and I got that already, along with template_xlate). But again, that's not what I'm seeking.
I see $CPAPACHEDIR/conf/cp-httpd.conf but that is for the Gaia/API WebUI (and I see this as "Server: CPWS" in server HTTP response; I already got this configured like I need it, however this is not MultiPortal.). The HTTP server I'm seeking is the one that issues "Server: Check Point SVN Foundation" as the server banner. That is MultiPortal (and/or the VPN daemon itself?).
I've made tons of edit attempts in all kinds of portal config places (and yes, restarting MPDAEMON via cpwd_admin each time), but none of those give me the changes I need for the HTTP headers. No SK has been useful for splicing together the desired configuration, either. Everything keeps come up with specifically "Mobile Access" portal, and again.. that's not what I need.
I know I can turn off certain portals I don't want (SNX, Captive Portal, UserCheck....), but if a portal is needed, then how in the world do I edit certain values, like the Headers?