URI - SOAP

What can I do here?

Use this window to configure how the Security Gateway inspects and tracks SOAP requests.

Getting Here

Object Explorer > New > Resource > URI > General > Set URI match inspection type to: wildcards > "SOAP" page shows

Simple Object Access Protocol

SOAP is a communication protocol for accessing web services and sending messages (in XML format) between applications.

The Check Point gateway uses a security server to prevent potential attacks by verifying that the HTTP, XML, and SOAP methods in SOAP requests conform to the RFC. The gateway also makes sure that only methods from a predefined list of acceptable methods are passed in the SOAP packet.

When the gateway detects SOAP packets, it can accept all of them, or accept only the methods specified in a predefined file.

The SOAP processing defined in the URI resource is performed only if the HTTP connection carrying the SOAP message is Accepted by the rule in which the URI resource is used. The connection must match the rule, and the rule Action cannot be Reject or Drop.

SOAP Options

To define how the Check Point Security Gateway inspects SOAP requests, in the URI Resource Match Wildcards window, select HTTP in the Schemes section.

In the SOAP window, select Allow all SOAP Requests, or select Allow only SOAP requests specified in the following File and then select the file.

Defining the Allowed SOAP Methods file

The name of the SOAP file must be one of a predefined list of 10 file names, from scheme1 to scheme10. The file must reside in the $FWDIR/conf/XML/ directory on the Security Management Server. If Management High Availability is used, the same file should be duplicated on both Security Management Servers.

The file must contain a two-column list, with the columns separated by a space:

namespace method

For example:

http://tempuri.org/message/ EchoString

http://tempuri.org/message/ SubtractNumbers

The file must be defined very precisely. It is best to copy and paste the namespace and method name from the log file. If there is a syntax error, the SOAP packets will be dropped.
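Because a syntax error in this file causes SOAP packets to be dropped, it helps to lint the file after editing it. The script below is an added example, not Check Point code; the function names `check_soap_scheme_file` and `demo` are hypothetical, and the strict whitespace rules it enforces are assumptions that go beyond the "two columns separated by a space" rule stated above.

```shell
#!/bin/sh
# Added example, not Check Point code: lint an allowed-SOAP-methods file.
# Assumed strictness (the page only says "two columns separated by a space"):
# one space between columns, no tabs, no blank lines, no CR line endings.

check_soap_scheme_file() {
    file=$1
    # The page permits only the file names scheme1 .. scheme10.
    case $(basename "$file") in
        scheme[1-9]|scheme10) ;;
        *) echo "$file: name must be scheme1..scheme10" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }

    # Report every offending line, then fail if any was found.
    awk -v f="$file" '
        function bad(msg) { printf "%s:%d: %s\n", f, NR, msg; errs++ }
        /\r$/   { bad("CR line ending"); next }
        /\t/    { bad("tab character, use a single space"); next }
        /^$/    { bad("blank line"); next }
        /^ | $/ { bad("leading or trailing space"); next }
        {
            # Split on each single space so a double space yields 3 fields.
            if (split($0, col, "[ ]") != 2)
                bad("expected exactly: namespace<space>method")
        }
        END { exit (errs > 0) }
    ' "$file" >&2
}

# Constructed sample: the two entries from the page, then a double-space typo.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'http://tempuri.org/message/ EchoString' \
                  'http://tempuri.org/message/ SubtractNumbers' > "$dir/scheme1"
    check_soap_scheme_file "$dir/scheme1" && echo "scheme1: OK"
    printf '%s\n' 'http://tempuri.org/message/  EchoString' > "$dir/scheme2"
    check_soap_scheme_file "$dir/scheme2" || echo "scheme2: rejected"
    rm -rf "$dir"
}
demo
```

Call `check_soap_scheme_file` on the file under $FWDIR/conf/XML/ after editing it; a zero exit status means every line passed these checks.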