Natting Proxy-Traffic to internal IP

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hello,

we have the following problem, regarding HTTP-/HTTPS-Proxy on our CheckPoint ClusterXL R81.10:

The cluster is configured as a non-transparent http/https-proxy on one cluster-vip-ip port 8080. We even host some websites on internal webservers, that are available via a external NAT on the cluster-xl, redirecting to internal webservers / reverse proxies:

External Client -----> www -----> public Cluster-IP -----> NAT to Webserver -----> Webserver

Now when our internal clients want to view a webpage, that is hosted on our internal servers, the page is not available.

So the process is:

1. Client resolves the dns-name of the webpage to the public ip.

2. Client opens a proxy-session with the checkpoint-cluster

At this point we want to have a NAT-Rule that redirects traffic, originally sent to our public Cluster-IP (original Dst) to our internal Webserver (translated Dst).

The standard NAT-Rule doesn´t work:

Internal Clients -----> public Cluster-IP:https -----> Original Src. -----> Internal Webserver

Is there a trick, so we can redirect http-/https-proxy-traffic to an internal server?

Thanks and best regards