Neil_Plastow
Participant

Firewall as Proxy and Error Pages

We have an R80.10 cluster which has Firewall, IPS, Anti-Virus and Anti-Bot Blades in place and it is being used as a parent proxy. When the IPS/AV detects a virus signature (in this case the test Eicar virus) it drops the connection to the child proxy; however, if the Anti-Bot detects an issue which is classed as reputation, it is redirected to the UserCheck error pages. How do we set up the firewall to redirect all the "proxying" requests to UserCheck when there is a Threat Prevention issue?

6 Replies
PhoneBoy
Admin

Is the firewall an explicit proxy in this case?

Because if so, we may not be able to redirect the traffic to a UserCheck page.

See: How to configure Check Point Security Gateway as HTTP/HTTPS Proxy 

Otherwise, a diagram of how the proxies are configured (related to users and Internet) would be helpful.

0 Kudos
Neil_Plastow
Participant

Yes it is being used as an explicit proxy.

The browsers are set up to use a proxy on the internal network which is configured to use the firewall as a parent proxy.

0 Kudos
PhoneBoy
Admin

How are the clients configured to use your other proxy? By IP/host or through a proxy.pac somewhere?


0 Kudos
Neil_Plastow
Participant

Not 100% as we don't manage the internal proxy but believe it is using a proxy.pac file.

0 Kudos
PhoneBoy
Admin

What I suspect is happening is that AV/IPS cannot see there's something to block until well after the connection is established (almost over in the case of AV).

As we are past the point of being able to inject any sort of redirect at that point, it's not possible for us to inject a UserCheck page.

As a result, we just drop the connection, which I assume the client proxy then picks up as an issue and displays its own page.

With an Anti-bot reputation, we can check that before a real connection is established and thus display a UserCheck page to the user.

The comment I was going to make about proxy.pac file is to make sure that connections redirected to the gateway itself are not sent through a proxy, which may already be happening.

0 Kudos
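
The proxy.pac point in the reply above, as an added example that is not part of the original thread or Check Point's own configuration: a PAC function that sends requests addressed to the gateway itself DIRECT so a UserCheck redirect is not looped back through the proxy chain. The hostnames, IP address and port are constructed placeholders, and `bareHost` and `isGatewayHost` are hypothetical helper names.

```javascript
// Added example: PAC logic that keeps traffic for the gateway's own
// block-page portal off the proxy chain. All names below are placeholders.
const GATEWAY_HOSTS = [
  "usercheck.example.internal", // assumed DNS name the gateway redirects users to
  "192.0.2.1",                  // assumed gateway internal IP (documentation range)
];
const CHILD_PROXY = "PROXY proxy.example.internal:8080"; // assumed internal proxy

// Normalise the host argument: lower-case, drop an optional :port and a
// trailing dot. (IPv6 literals are not handled in this sketch.)
function bareHost(host) {
  return String(host).toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

// Exact match only. A suffix or substring match would also send look-alike
// names such as "usercheck.example.internal.other.test" around the proxy,
// and with it around the gateway's Threat Prevention inspection.
function isGatewayHost(host) {
  return GATEWAY_HOSTS.includes(bareHost(host));
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isGatewayHost(host)) {
    return "DIRECT"; // redirect target lives on the gateway: do not proxy
  }
  return CHILD_PROXY; // everything else keeps using the proxy chain
}
```

Clients need a direct route to the gateway address for the DIRECT branch to work.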
Neil_Plastow
Participant

Thanks for looking at this and answering the question, appreciated.

0 Kudos
