https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloudguard-Standalone-connectivity-in-VMWare-ESXi/m-p/192683#M70 <P>Have you checked if packets are actually being received by the gateway?<BR />This can easily be established with a tcpdump on the relevant interface.</P> Thu, 14 Sep 2023 22:52:22 GMT PhoneBoy 2023-09-14T22:52:22Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloudguard-Standalone-connectivity-in-VMWare-ESXi/m-p/192641#M69 <P>I have a virtual Cisco Catalyst 8000V connected to a virtual PC and to a virtual Check Point Cloudguard Standalone with a demo license. The Check Point also has a virtual PC connected.</P><P>Therefore, this is my virtual scheme:</P><P>&nbsp;</P><P><STRONG>Virtual PC1</STRONG> (192.168.2.3) -&gt; (192.168.2.2) <STRONG>Virtual Fortinet</STRONG> (192.168.3.1)&nbsp;-&gt; (192.168.3.2) <STRONG>Cisco</STRONG> (192.168.4.1) -&gt; (192.168.4.2) <STRONG>Check Point</STRONG> (192.168.6.1) -&gt; <STRONG>Virtual PC2</STRONG> (192.168.6.3)</P><P>&nbsp;</P><P>I’m evaluating the Check point capabilities and first of all, now that I have everything deployed, I want to test connectivity with a ping.</P><P>From the Check Point I can ping everything, so I assume the connectivity should be correct. However, wen I ping the Check Point from any other virtual machine, the ping fails. I’m not sure whether the Check Point may have the ICMP reply disabled, because I couldn’t find any cli command or configuration in the SmartConsole (I ticked the “ping” option when I configured the interfaces in the GUI) to change that, or maybe the network configuration is wrong. I configured these static routes in the Cisco:</P><P>&nbsp;</P><P data-unlink="true">192.168.2.0/24&nbsp;&nbsp;[1/01 via 192.168.3.1</P><P data-unlink="true">192.168.3.0/24&nbsp;&nbsp;is variably subnetted, 2 subnets, 2 Masks</P><P data-unlink="true">192.168.3.0/24&nbsp;&nbsp;is directly connected, GigabitEthernet3</P><P data-unlink="true">192.168.3.2/32&nbsp;&nbsp;is directly connected, GigabitEthernet3</P><P data-unlink="true">192.168.4.0/24&nbsp;&nbsp;is variably subnetted, 2 subnets, 2 Masks</P><P data-unlink="true">192.168.4.0/24&nbsp;&nbsp;is directly connected, GigabitEthernet2</P><P data-unlink="true">192.168.4.1/32&nbsp;&nbsp;is directly connected, GigabitEthernet2</P><P data-unlink="true">192.168.6.0/24&nbsp;&nbsp;[1/01 via 192.168.4.2</P><P>&nbsp;</P><P>And these static routes in the Check Point:</P><P>&nbsp;</P><P>192.168.3.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; via 192.168.4.1, eth2, cost 0, age 1258</P><P>192.168.4.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; is directly connected, eth2</P><P>192.168.6.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; is directly connected, eth1</P><P>Am I missing something? Thanks!</P> Thu, 14 Sep 2023 10:21:47 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloudguard-Standalone-connectivity-in-VMWare-ESXi/m-p/192641#M69 NAT_AIR 2023-09-14T10:21:47Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloudguard-Standalone-connectivity-in-VMWare-ESXi/m-p/192683#M70 <P>Have you checked if packets are actually being received by the gateway?<BR />This can easily be established with a tcpdump on the relevant interface.</P> Thu, 14 Sep 2023 22:52:22 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloudguard-Standalone-connectivity-in-VMWare-ESXi/m-p/192683#M70 PhoneBoy 2023-09-14T22:52:22Z