HTTP/HTTPS Proxy

You can configure a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / ClusterXL / Scalable Platform Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. to act as an HTTP/HTTPS Proxy on your network.

In such configuration, the Security Gateway / ClusterXL / Security Group becomes an intermediary between hosts that communicate with each other through the Security Gateway / ClusterXL / Security Group. It does not allow a direct connection between these hosts.

Each successful connection creates two different connections:

One connection between the client in the organization and the proxy (Security Gateway / ClusterXL / Security Group).
One connection between the proxy (Security Gateway / ClusterXL / Security Group) and the actual destination.

These proxy modes are supported:

Mode	Description
Transparent	All HTTP traffic on specified ports and interfaces is intercepted and processed by the Proxy code in the Security Gateway / ClusterXL / Security Group. No configuration is required on the clients.
Non Transparent	All HTTP/HTTPS traffic on specified ports and interfaces is intercepted and processed by the Proxy code in the Security Gateway / ClusterXL / Security Group. Configuration of the proxy server and proxy port is required on client machines.

Mode

Description

Transparent

All HTTP traffic on specified ports and interfaces is intercepted and processed by the Proxy code in the Security Gateway / ClusterXL / Security Group.

No configuration is required on the clients.

Non Transparent

All HTTP/HTTPS traffic on specified ports and interfaces is intercepted and processed by the Proxy code in the Security Gateway / ClusterXL / Security Group.

Configuration of the proxy server and proxy port is required on client machines.

How to get there:

Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
From the left navigation panel, click Gateways & Servers.
Double-click the Security Gateway / Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object.
In the left tree, click the HTTP/HTTPS Proxy page.

Important - When you enable the HTTP/HTTPS Proxy, the Security Gateway / Cluster performance can decrease in situations where SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. would otherwise accelerate proxied traffic. See sk92482.

For more information, see:

SmartConsole built-in help (in the Security Gateway / Cluster object, click the (?) button in the top right corner).
sk110013 - How to configure Check Point Security Gateway as HTTP/HTTPS Proxy (requires Advanced access to Check Point Support Center)