Hello,
we have the following problem, regarding HTTP-/HTTPS-Proxy on our CheckPoint ClusterXL R81.10:
The cluster is configured as a non-transparent http/https-proxy on one cluster-vip-ip port 8080. We even host some websites on internal webservers that are available via an external NAT on the cluster-xl, redirecting to internal webservers / reverse proxies:
External Client -----> www -----> public Cluster-IP -----> NAT to Webserver -----> Webserver
Now when our internal clients want to view a webpage that is hosted on our internal servers, the page is not available.
So the process is:
1. Client resolves the DNS name of the webpage to the public IP.
2. Client opens a proxy session with the Check Point cluster.
At this point we want to have a NAT-Rule that redirects traffic, originally sent to our public Cluster-IP (original Dst) to our internal Webserver (translated Dst).
The standard NAT-Rule doesn't work:
Internal Clients -----> public Cluster-IP:https -----> Original Src. -----> Internal Webserver
Is there a trick so we can redirect http-/https-proxy-traffic to an internal server?
Thanks and best regards