- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Proxy settings
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Proxy settings
Hi,
Using R77.30
I'm getting the following log entry when attempting to access a website using https that's been allowed in the policy:
"Proxy: Internal error; Connection was rejected due to internal error"
The firewall cluster is set up to use the gateway as a HTTP/HTTPS Proxy in Non Transparent mode
Specific interfaces - inlcudes the LAN interface
Ports 8081 and 8080
Does anything need to be set on the client side to bypass the proxy, or any other changes required on the firewall?
Many thanks for any advice on this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is the Security Gateway able to resolve the DNS query for the same URL?
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PhoneBoy,
Thank you for your response, yes the URL can be accessed outside of our organisation on non LAN internet connection.
Unfortunately I don't have access to any Checkpoint support therefore the link doesn't really help.
Kind regards
XC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is suggested by the link I provided.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
thanks, I logged on and no it doesn't look up the DNS name.
The top lookup doesn't work but the bottom one does.
These are two different addresses hosted in AWS, the top one is a new site that needs to be accessed by users, the bottom one is the original one.
Rgds
XC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The firewall needs to allow traffic from the clients to its interface on the ports 8080 and 8081 and from the gateways you need to allow all traffic to port 80 and 443 (and any other port that needs to be allowed).
In your application/urlf policy all destinations need to be empty.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Maarten,
thank you for your input, this is how I inherited the system, I'm not overly familiar with Checkpoints having primarily worked with Cisco and Juniper previously.
The Application/URL filtering blade is allowing the traffic using a catch all rule at the bottom of the policy:
Thanks.
XC
