Solved

Checkpoint NG reverse proxy

Posted on 2006-06-12
4
2,390 Views
Last Modified: 2013-11-16
Hi All,

Im currently looking at our design and implementation out in our DMZ.

I have read a fair bit of material that outlines the benefits of running a reverse proxy through to certain services that need a little bit more protection from the outside world.

Has anyone had any luck implementing reverse proxy to a DMZ environment on checkpoint NG.? Any white papers or doco would be fantastic too.

I realise implementing this on ISA 2004 is a doddle and am not interested in ISA comments, ISA is not an option, so checkpoint answers only please.

Thanks

S
0
Comment
Question by:nexissteve
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
srikrishnak earned 500 total points
ID: 16892130
0
 
LVL 5

Expert Comment

by:dbardbar
ID: 16895401
What extra security do you EXACTLY need?
How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?
Is this HTTP only? Other protocols?
Do you today have a CP FW-1 connecting the DMZ to the outside world?
0
 
LVL 6

Author Comment

by:nexissteve
ID: 16897126

What extra security do you EXACTLY need?

Full auditing and minimising the attack vector on a member server that is running a web site.

How would you like (generly speaking) for the user experience to be when accessing the DMZ servers?

Transparent

Is this HTTP only? Other protocols?

HTTPS or HTTP

Do you today have a CP FW-1 connecting the DMZ to the outside world?

To multiple DMZ's

0
 
LVL 6

Author Comment

by:nexissteve
ID: 16958269
Checkpoint cannot do true reverse proxy.

The answer lies in srikrishnak's comment in that you have to use user auth.

Not quite the answer I was looking for. But thanks all the same.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now