This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Luis_Esteban
Participant
‎2019-04-03 02:44 AM

Is http/https proxy needed to replace old proxy with CP gateway?

We are going to replace our old proxy with our CP gateway using the blades Firewall, Application Control, URL Filtering, Anti-Bot, Anti-Virus, Identity Awareness and Content Awareness

I do not see the point to configure the CP gateway as HTTP/HTTPS Proxy since all the functionality is pretty much covered using the blades and policies. In fact, it would slow the connection. Am I missing anything? The only situation in which we might still need a proxy configuration is for applications that access the Internet using a proxy in our infrastructure and we cannot change that.

We already have some devices that are no using the Proxy but using CP with the blades and policies, and it works very well. Only having some problems when using https inspection.

Thanks in advance

0 Kudos
Reply
3 Replies
PhoneBoy
Admin
Admin
‎2019-04-03 12:49 PM

If your default route doesn't go through the gateway, or you have some apps that require proxy use, then you might have to configure explicit proxy on the Check Point gateway.
Otherwise there's no reason to use proxy mode.
Reply
Maarten_Sjouw
Champion
Champion
‎2019-04-03 02:45 PM
In response to PhoneBoy

Keep in mind that when you want to or need to use the explicit proxy functionality, that you will need a bigger fw, as all the sessions will be from client to gateway and from gateway to internet there is nothing that can be accelerated.
We have one customer where we run the Proxy for a 800Mb connection and about 3000 users with a 15600 HA cluster and this can barely keep up.
Regards, Maarten
Reply
Luis_Esteban
Participant
‎2019-04-04 01:57 AM
In response to PhoneBoy

Thanks! if we have some apps that require proxy use, my understanding is that I can configure a explicit proxy for these apps using port 8080, but for the rest of traffic will go trough the gateway in http/https ports and no proxy mode.
0 Kudos
Reply