We have a proxy server in our internal network and I want to redirect all internet http requests to a web server in local network. It'll be like a Network Billboard that says "No direct connection is available. Set up your proxy etc." For example:

• A user starts the computer
• Opens the browser
• Tries to open www.google.com
• Should see web server output on local network
• Tries another web site on internet
• Should see web server output on local network
• Sets up proxy
• Tries to connect to a web site
• Web site should be loaded

I have added a simple manual NAT rule to address translation in Checkpoint firewall but it simply does not work. Here is my address translation rule

Source Destination Service T.Source T.Destination T.Service
MY_PC  A_GOOGLE_IP ALL     ORIGINAL INT_WEB_SRV   ORIGINAL

Then when I ping A_GOOGLE_IP, replies come from INT_WEB_SRV, as I expected. However, when I try to connect A_GOOGLE_IP from browser (http://A_GOOGLE_IP), no replies come from SYN_SENT and falls into timeout. When I look at the firewall log of INT_WEB_SRV, I can see the incoming connection requests from MY_PC is accepted and NO denies. By the way, there is no problem to see INT_WEB_SRV (http://INT_WEB_SRV) from browser.

My understanding is, my NAT rule at checkpoint NGX R60 does not include return packets. I definitely need some help.