Are you saying, if we use content inspection it turn the firewall into a proxy server, if we use resource definition it turn the firewall into a proxy server.
Then they should change their trademark from "We secure the internet" to "We PROXY the internet" -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Hugo van der Kooij Sent: Wednesday, March 26, 2008 1:40 AM To: [email protected] Subject: Re: [FW-1] Nat 0 >> Are you using resource definitions are anything like that that will >> result in your traffic being proxied by your firewall? > > We are using a resource for HTTP "blocked sites" which is being provided > by Websense. > This isn't new though. > > Also, we did determine that https traffic is being translated correctly. > And if we remove the "http" Protocol Type from the port 80 security > rule, the translation occur correctly. > > I think I forgot to mention that the Nat 0 rule is translating the > source as the cluster interface address instead of our specific nats. So you have found out that Check Point works exactly as it should do. If you use resource definitions you make a proxy of the box. So the sessions start again from the firewall. Disable the protocol definition and you disable the proxy so you are back to the old NAT rules. That seems to me the problem is solved. It now works the way it should do according to your configuration. Hugo. -- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
