SurfControl is OPSEC compliant. You can reinstall the standalone version on a server. Just call SurfControl and tell them what you want to do. Your current SC license will allow you to switch platforms at no charge.
Create the OPSEC object on your firewall and modify your current web traffic rule to use the OPSEC object and you're done. Keep in mind that when you use SurfControl this way, you lose the ability to create user-based rules on your SurfControl server.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Warrington Bruce - bwarri
Sent: Wednesday, July 27, 2005 12:30 PM
To: [email protected]
Subject: Re: [FW-1] Routing web traffic in Site to Site VPN

If you want to eliminate the proxy setting in the browser, you can use WCCP at one of the router hops upstream from the firewall, and have it redirect to the proxy, which just has some more limitations to what you might be doing compared to a proxy setting in the browser itself.

If you're trying to eliminate a proxy altogether, but just have a device see all traffic so it can log, can you just port span the switch port the firewall is attached to so the other device can see the same traffic?

Sorry, I'm not familiar with surf control, so I'm not sure if it's a proxy type device (where WCCP would come in) or just a monitoring / logging device in addition to the firewall (where a port span might work), or one of those in the "other" category, that doesn't proxy but tries to watch traffic and push an RST packet back to block web traffic that's not allowed (where port span might work, but the firewall might be unhappy with something spoofing reset packets given the stateful inspection).

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Prekop, Joe Jr.
Sent: Tuesday, July 26, 2005 20:52
To: [email protected]
Subject: [FW-1] Routing web traffic in Site to Site VPN

I am setting up a site to site VPN using an Edge x16 to our checkpoint firewall R55 (SPLAT). The VPN tunnel is up and all traffic is being routed through the tunnel.

Instead of allowing all internet http and https traffic to hit the firewall and be routed out to the internet, I need to redirect the traffic to the inside interface on the firewall so that our web monitoring software (surf control) can see the traffic and log the users' activity. Right now I am using a proxy server and it works just fine. I would like to eliminate the proxy server. Any ideas how I can accomplish this without having to use proxy servers?

Thanks
Joe

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================

**********************************************************************
The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You.
