> Good day to all.
>
> I was looking into Firewall-1 as I am in need of configuring it to use
> an external HTTP Proxy. Here is my topology:
>
> 1) FW1 NG with several HTTP rules
> 2) Clients are NOT configured to use FW1 as proxy (as a matter of fact
> they are not configured to use anyone as proxy)
>
> I need to "redirect" all traffic, sent out via HTTP, through FW1 to a
> proxy server. I've seen that this is possible using the option HTTP Next
> Proxy. However, the following questions came to mind:
>
> 1) Is it possible to put this Proxy server in my DMZ? (traffic will have
> to go back through FW1 without creating a loop)
> 2) Is there any other way (other than HTTP Next Proxy) that might allow
> me to configure the proxy server in the individual rules without using
> CVP or UFP? I need to maintain a few other rules letting HTTP out without
> passing through the proxy.

Create under services a new service "http_redirect", with protocol 6 ->
then under [advanced] you have to enter in the "match" field

    SRV_REDIRECT(80,192.168.1.1,8080)

which means redirect from port 80 to host 192.168.1.1 port 8080
and no protocol type.

Assuming the Proxy parameters are:

    IP   : 192.168.1.1
    Port : 8080

Using this setup I redirected web traffic to our Squid Cache
(www.squid-cache.org) on the DMZ for specific internal networks.

The redirection is applied for rules looking like:

    Source        Destination  Service        Action
    ---------     -----------  -------        ---------
    Host/Network  Outside      http_redirect  accept

Intercepting proxies may need extra config. setting to handle http
requests from proxy unaware clients.

M.
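
The closing remark about proxy-unaware clients comes down to the request form: a redirected browser sends "GET /path" rather than "GET http://host/path", so the proxy has to rebuild the destination from the Host header and should validate it before using it. The sketch below is an added example, not part of the original post and not Squid's code; the function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

class BadRequest(ValueError):
    """The request does not name exactly one valid upstream target."""

def split_authority(authority, default_port=80):
    # Reject userinfo, paths and whitespace smuggled into the authority.
    if not authority or any(c in authority for c in "@/\\ \t"):
        raise BadRequest("invalid authority")
    try:
        parts = urlsplit("//" + authority)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        raise BadRequest("invalid port or host literal")
    if not parts.hostname:
        raise BadRequest("empty host")
    return parts.hostname, default_port if port is None else port

def upstream_target(raw):
    """Return (host, port, path) for one raw HTTP request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ")
    except ValueError:
        raise BadRequest("malformed request line")
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    if target.startswith("/"):
        # Origin-form: what a redirected, proxy-unaware client sends.
        # The Host header is the only place the destination name survives.
        if len(hosts) != 1:
            raise BadRequest("origin-form needs exactly one Host header")
        host, port = split_authority(hosts[0])
        return host, port, target
    # Absolute-form: what a client configured to use a proxy sends.
    try:
        url = urlsplit(target)
    except ValueError:
        raise BadRequest("unparseable request target")
    if url.scheme.lower() != "http":
        raise BadRequest("only http:// targets are proxied here")
    host, port = split_authority(url.netloc)
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    return host, port, path

# Constructed sample: browser with no proxy configured, redirected by the firewall.
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
if __name__ == "__main__":
    print(upstream_target(SAMPLE))
```

Requests with a missing, duplicated or malformed Host header are rejected rather than guessed at, since in this setup the header is client-controlled input that decides where the proxy connects.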
