This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bsb
Explorer
‎2019-10-15 07:55 PM

header to identify inbound original ip after nat hide nat

Hi, 

below is the scenario

Internet -- > Checkpoint Firewall (any internet Nat'd to firewall external interface ip hide nat) ---- > Load balancer -- > backend server

Need to identify the inbound public ip post performing Nat in checkpoint firewall for analysis.

Is there a way to see this original inbound public ip in packet captures with different header name like xff etc....

thanks 

BSB

 

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-10-17 04:37 PM

If you're doing this with NAT, no.
I believe you can achieve this with MAB Reverse Proxy.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

However that SK says it doesn't add XFF.
However, you can add it by editing the reverse proxy conf file
$CVPNDIR/conf/ReverseProxy_conf/httpd_common.conf
Add the line -
CvpnAddHeader "X-Forwarded-For" "$CLIENTIP" – to the end of the file.
Save changes and run ReverseProxyCLI apply config
0 Kudos
bsb
Explorer
‎2019-10-18 08:11 PM
In response to PhoneBoy

Hi, 

This is for inbound connection.

below is the scenario.

 

1. ISP --- > inbound traffic -- > FW (incoming interface 1 and exit interface 2) --- > Load balancer --- > backend servers.

2. Same ISP -- > inbound traffic -- > FW (same firewall - incoming interface 1 and exit interface 5 ) -- > Load balancer(same LB) -- > backend servers.

 

problem is already we have a default route pointing towards firewall interface 2 from load balancer.

having one more default towards different different interface is not feasible.scenario.png

hence inbound public ip is natted, nat ip reaches LB, where LB has the comfort of routing nat'd ip towards different interface.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-19 05:32 AM
In response to bsb

MAB Reverse Proxy will proxy the connection, originating it from the Security Gateway so NAT will not be required.
It can also add the XFF header, assuming you configure it as described.
Check Point does not provide a mechanism to add an XFF header when using NAT alone.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events