Print Download Documentation Send Feedback

Previous

Next

URI - SOAP

What can I do here?

Use this window to configure how the Security Gateway inspects and tracks SOAP requests.

Getting Here

Getting Here - Object Explorer > New > Resource > URI > General > Set URI match inspection type to: wildcards > "SOAP" page shows

Simple Object Access Protocol

SOAP is a communication protocol for accessing web services and sending messages (in XML format) between applications.

The Check Point gateway uses a security server to prevent potential attacks by verifying that the HTTP, XML, SOAP methods in SOAP requests conform to the RFC. The Gateway also makes sure that only a predefined list of acceptable methods is being passed in the SOAP packet.

When the gateway detects SOAP packets, it can accept them or accept only the Methods specified in a predefined file.

The SOAP processing defined in the URI resource is performed only if the HTTP connection carrying the SOAP message is Accepted by the rule in which the URI resource is used. The connection must match the rule, and the rule Action cannot be Reject or Drop.

SOAP Options

To define how the Check Point Security Gateway inspects SOAP requests, in the URI Resource Match Wildcards window, select HTTP in the Schemes section.

In the SOAP window, Allow all SOAP Requests, or Allow only SOAP requests specified in the following File, and select the file.

Defining the Allowed SOAP Methods file

The name of the SOAP file must be one of a predefined list of 10 files, from scheme1 to scheme10. The file must reside in $FWDIR/conf/XML/ directory in the Security Management Server. If Management High Availability is used, the same file should be duplicated on both Security Management Servers.

The file must contain a two column list separated by a space:

namespace method

For example...

http://tempuri.org/message/ EchoString

http://tempuri.org/message/ SubtractNumbers

The file must be defined very precisely. It is best to copy and paste the namespace and method name from the log file. If there is a syntax error, the SOAP packets will be dropped.