CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Content Security/Security Servers/CVP/UFP
Reload this Page HTTP Security Server with HTTP Proxy Servers
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2005-08-13
BarryStiefel BarryStiefel is offline
Administrator
  
Join Date: 2005-08-11
Location: San Francisco, CA
Posts: 534
Rep Power: 10
BarryStiefel has disabled reputation
Default HTTP Security Server with HTTP Proxy Servers
HTTP Security Server with HTTP Proxy Servers



Most Proxy Servers can interoperate with any other vendor's proxy server through a mechanism called "chaining." Most proxy servers can be configured to use a proxy server for connectivity. FireWall-1's HTTP Security Server has a function called "HTTP Next Proxy," which is configured in the Rulebase Properties, Security Servers tab. IN NG, this is defined in the firewall's workstation properties, Authentication tab. This allows it to interoperate with any HTTP Proxy.

There are four ways one can use an external HTTP proxy server with FireWall-1:

As a Direct Client



In this case, your proxy server would be placed behind your firewall and could be treated just like any client you wish to allow to have direct access to the Internet. If you wanted to force your users to use the proxy server, you could deny access from any other host on your internal network and allow only your proxy server to access the Internet. In this case, the proxy server has no special configuration other than the default route to the Internet.

As a Proxied Client



Similiar to above, but the proxy server is configured to use the firewall as its proxy server for HTTP and/or FTP (note: FTP is only supported in 4.0). This allows you to use FireWall-1 for authentication or Content Security above and beyond what your proxy server may do.

As a Destination for your Clients



The proxy server, in this case, would be outside the firewall. Your users will use the outside proxy server as their "proxy server." This proxy traffic would pass through the firewall. If you wish to perform content security or authentication on these connections, you will need to specify the proxy server in HTTP Next Proxy (see also RequestToProxyOtherThanNextProxy).

As a "Next Proxy"



In this case, your firewall will be the proxy server that is used by your internal clients. HTTP Next Proxy would be configured to point to your proxy server (which can be anywhere on your network). If the proxy server is behind the firewall, the firewall's security policy must permit the appropriate access from the proxy server.

-- PhoneBoy - 01 Jan 2004

FAQForm FAQs.Class: ContentSecurityFAQs FAQs.OperatingSystem: FAQs.Version:
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 20:06.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0