nexissteve
asked on
Checkpoint NG reverse proxy
Hi All,
Im currently looking at our design and implementation out in our DMZ.
I have read a fair bit of material that outlines the benefits of running a reverse proxy through to certain services that need a little bit more protection from the outside world.
Has anyone had any luck implementing reverse proxy to a DMZ environment on checkpoint NG.? Any white papers or doco would be fantastic too.
I realise implementing this on ISA 2004 is a doddle and am not interested in ISA comments, ISA is not an option, so checkpoint answers only please.
Thanks
S
Im currently looking at our design and implementation out in our DMZ.
I have read a fair bit of material that outlines the benefits of running a reverse proxy through to certain services that need a little bit more protection from the outside world.
Has anyone had any luck implementing reverse proxy to a DMZ environment on checkpoint NG.? Any white papers or doco would be fantastic too.
I realise implementing this on ISA 2004 is a doddle and am not interested in ISA comments, ISA is not an option, so checkpoint answers only please.
Thanks
S
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What extra security do you EXACTLY need?
Full auditing and minimising the attack vector on a member server that is running a web site.
How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?
Transparent
Is this HTTP only? Other protocols?
HTTPS or HTTP
Do you today have a CP FW-1 connecting the DMZ to the outside world?
To multiple DMZ's
ASKER
Checkpoint cannot do true reverse proxy.
The answer lies in srikrishnak's comment in that you have to use user auth.
Not quite the answer I was looking for. But thanks all the same.
The answer lies in srikrishnak's comment in that you have to use user auth.
Not quite the answer I was looking for. But thanks all the same.
How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?
Is this HTTP only? Other protocols?
Do you today have a CP FW-1 connecting the DMZ to the outside world?