mateusrm

Redirecting a port with Checkpoint Firewall-1

Hi, I have my Checkpoint firewall as the default gateway of my LAN. I have another machine with Squid as proxy inside my LAN. Since Checkpoint is the default gateway of my network, I want all the connections from my LAN with destination port 80 to be redirected to my proxy on port 3128 (the default Squid port). Does anyone know how to do that in Checkpoint?
Dennis_Verslegers

You can achieve this by using the NAT engine of Checkpoint... Something along these lines should work:

Source          Destination    Protocol    Source    Destination    Protocol
Internal_LAN    Any            http        Any       squid_srv      3128

But wouldn't it be better to just point the client's webbrowser to use the squid as proxy server? Which internet browser are you running?

Kind regards.

ASKER

But I have a lot of clients and I want to do a transparent proxy; some clients are out of the city and I can't go there and configure them manually.

Depending on your FW-1 version, this may not work.
Older versions performed the NAT after the OS performed the routing decision. The routing decision is to send the traffic to the Internet, not to the DMZ.

Newer versions solve this problem by performing the NAT on the inbound side, before any routing decision is made. This is enabled by checking the checkbox "Translate destination on client side" under the "Manual NAT rules", in the Global Properties, in the NAT tab. Make sure you check the manual one, not the automatic one.

If you have an older version, and the checkbox doesn't exist on your version, write back and I'll suggest another possible solution.
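
The ordering problem described in the answer above, as an added Python sketch that is not part of the original thread and is not Check Point code: a toy gateway applies the same destination NAT rule either after or before the routing lookup. The addresses, interface names and the placement of the Squid host on a DMZ interface are assumptions made for the illustration.

```python
import ipaddress

# Constructed topology: LAN and DMZ behind the gateway, default route to the Internet.
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "lan"),
    (ipaddress.ip_network("10.0.0.0/24"), "dmz"),
    (ipaddress.ip_network("0.0.0.0/0"), "external"),
]
LAN = ipaddress.ip_network("192.168.1.0/24")
SQUID = (ipaddress.ip_address("10.0.0.10"), 3128)  # hypothetical squid_srv address


def route(dst_ip):
    """Longest-prefix match: return the egress interface for dst_ip."""
    matches = [(net, ifc) for net, ifc in ROUTES if dst_ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def dnat(pkt):
    """The manual rule from the thread: Internal_LAN -> Any, http => squid_srv, 3128."""
    if pkt["src"] in LAN and pkt["dport"] == 80:
        return {**pkt, "dst": SQUID[0], "dport": SQUID[1]}
    return pkt


def forward(pkt, client_side_nat):
    """Return (egress interface, packet as transmitted)."""
    if client_side_nat:
        pkt = dnat(pkt)              # translate on the inbound side first
        return route(pkt["dst"]), pkt
    egress = route(pkt["dst"])       # routing sees the original destination
    return egress, dnat(pkt)         # translation happens too late to change egress


def demo():
    """Egress interface for one LAN web request under each ordering."""
    pkt = {"src": ipaddress.ip_address("192.168.1.50"),
           "dst": ipaddress.ip_address("203.0.113.80"), "dport": 80}
    return forward(pkt, False)[0], forward(pkt, True)[0]


if __name__ == "__main__":
    after, before = demo()
    print("NAT after routing  ->", after)
    print("NAT before routing ->", before)
```

In both orderings the packet is rewritten to the proxy address and port 3128; only the interface it leaves on differs.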

Checkpoint complains that this is an invalid rule. It says that I can't use the destination ANY on the original packet. I didn't find this checkbox in Checkpoint; I think my version is really old. It is 4.1.
ASKER CERTIFIED SOLUTION
dbardbar

This solution is only available to members.
What about HTTPS traffic, how can I redirect it?