CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 5 of 5

Thread: Mobile Access Reverse Proxy - Anyone used yet

  1. #1
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Default Mobile Access Reverse Proxy - Anyone used yet

    Is there anyone out there that has used the Check Point Mobile Access Reverse Proxy in the real world yet.

    If so how have they found it.

  2. #2
    Join Date
    2018-03-05
    Posts
    2
    Rep Power
    0

    Default Re: Mobile Access Reverse Proxy - Anyone used yet

    While I don't have a definitive answer for this question, I am also interested in using a Gaia 80.x gateway as a reverse proxy for a host of Web applications, pretty much all using TCP 443 and a wildcard commercial cert. I did manage to pry the following out of a CP engineer, although this is as yet untested:

    "Stick with the guide above, ignore what I said over phone. If all your 13 apps are just different web sites you should be able to use reverse proxy to publish them
    See examples 4 and 5 in the Sk [110348] above"

    In response to this advice from Checkpoint, I subsequently asked whether only authenticated client VPN users can make use of this reverse proxy service, which is kind of the language in SK 110348 is structured. They never did answer that question. That wouldn't make much sense, but I'm kind of in a limbo, recursive situation with my Gaia device such that I'd like to know for sure from someone in the real world, not some CP engineer reading from a script and hoping for the best, that the reverse proxy service works like others and doesn't require Remote Access authentication. At this point, no senseless design decision would surprise me.

    If you get an answer, I'd love to hear it - Dale.

  3. #3
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Mobile Access Reverse Proxy - Anyone used yet

    If the Reverse Proxy feature required authentication, why wouldn't you just use Mobile Access Blade, which already provides this?
    The whole reason the Reverse Proxy functionality was created was to support situations where you don't want the MAB portal, including the authentication it provides/requires.
    In fact, "access control on user level" is explicitly mentioned as a limitation in sk110348.

    Obviously, you're asking for real world experience, which I totally respect and understand.
    That said, I figured I should clarify what the documentation says.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  4. #4
    Join Date
    2018-03-05
    Posts
    2
    Rep Power
    0

    Default Re: Mobile Access Reverse Proxy - Anyone used yet

    Ya, agreed PhoneBoy. I've got a bad taste in my mouth from 2 recent incidents highlighting some truly baffling engineering decisions on the part of CP, so please do pardon my skepticism. That this feature is titled, and whose documentation is littered with, the words 'Mobile Access' triggers my spidey senses in the same way those other 2 as-yet-unresolved support cases did. Of course, you're right that the purpose of any other reverse proxy one might encounter in the field would be to route unauthenticated traffic, but I haven't heard anyone at CP or elsewhere say in as many words, 'yes, the Mobile Access reverse proxy works like every other reverse proxy and has really nothing to do with Mobile Access, despite the ubiquity of those two words in all the documentation'. That's really the kind of definitive, non-speculative information I was hoping to acquire. CP themselves somehow don't seem to have that answer, so that leaves us with our trusty peers here on the CP user forum.

    At this point, I can't actually try it out for myself either. Longish story. But I will certainly update this thread once I have a nice firm, firsthand answer - Dale.

  5. #5
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Mobile Access Reverse Proxy - Anyone used yet

    The Reverse Proxy was developed by and is maintained by the same team that is responsible for Mobile Access Blade.
    I can say that as someone who both works for Check Point and is familiar with the early development of this feature.
    And yes, I completely understand the confusion, which I hope I've helped to clear.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. URI Security Server as a Reverse Proxy?
    By Spacetrucker in forum Content Security/Security Servers/CVP/UFP
    Replies: 3
    Last Post: 2014-03-05, 07:32
  2. Reverse Proxy for OWA and SSL connection
    By marcko32 in forum Check Point Firewall Administrator's Toolkit
    Replies: 5
    Last Post: 2012-11-20, 12:48
  3. Reverse Proxy Servers, are they useful or useless?
    By Spacetrucker in forum Miscellaneous
    Replies: 8
    Last Post: 2009-02-12, 11:24
  4. Use FW-1 as HTTPS -> HTTP reverse proxy?
    By RayPesek in forum Content Security/Security Servers/CVP/UFP
    Replies: 2
    Last Post: 2008-02-09, 16:44
  5. FireWall-1 as a reverse HTTP proxy
    By Barry J. Stiefel in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 0
    Last Post: 2005-08-13, 13:52

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •