Link to home
Start Free TrialLog in
Avatar of nexissteve
nexissteveFlag for New Zealand

asked on

Checkpoint NG reverse proxy

Hi All,

Im currently looking at our design and implementation out in our DMZ.

I have read a fair bit of material that outlines the benefits of running a reverse proxy through to certain services that need a little bit more protection from the outside world.

Has anyone had any luck implementing reverse proxy to a DMZ environment on checkpoint NG.? Any white papers or doco would be fantastic too.

I realise implementing this on ISA 2004 is a doddle and am not interested in ISA comments, ISA is not an option, so checkpoint answers only please.

Thanks

S
ASKER CERTIFIED SOLUTION
Avatar of srikrishnak
srikrishnak
Flag of Singapore image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dbardbar
dbardbar
What extra security do you EXACTLY need?
How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?
Is this HTTP only? Other protocols?
Do you today have a CP FW-1 connecting the DMZ to the outside world?
Avatar of nexissteve
nexissteve
Flag of New Zealand image

ASKER


What extra security do you EXACTLY need?

Full auditing and minimising the attack vector on a member server that is running a web site.

How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?

Transparent

Is this HTTP only? Other protocols?

HTTPS or HTTP

Do you today have a CP FW-1 connecting the DMZ to the outside world?

To multiple DMZ's

Avatar of nexissteve
nexissteve
Flag of New Zealand image

ASKER

Checkpoint cannot do true reverse proxy.

The answer lies in srikrishnak's comment in that you have to use user auth.

Not quite the answer I was looking for. But thanks all the same.