https://community.checkpoint.com/t5/Firewall-and-Security-Management/Will-changing-an-External-defined-interface-to-Network-defined/m-p/51655#M3894 <P>Our gateways are on R80.10</P><P>We currently have two interfaces configured as Topology - External. We want to change one of them to be Topology - Network defined by Routes.<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="External facing nic.PNG" style="width: 492px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/942iE2A0FBA60F7CDE1D/image-size/large?v=v2&amp;px=999" role="button" title="External facing nic.PNG" alt="External facing nic.PNG" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="External facing nic x2.PNG" style="width: 560px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/943i6BA87B5D9D99FB14/image-size/large?v=v2&amp;px=999" role="button" title="External facing nic x2.PNG" alt="External facing nic x2.PNG" /></span></P><P>&nbsp;</P><P>There doesn't appear to be this option on R80.10 although the help does takes you to this page:-</P><DIV class="pageContent">Understanding Topology<P class="tpbodytext">An interface can be defined as being External (leading to the Internet) or Internal (leading to the LAN).</P><P class="tpbodytext">The type of network that the interface <STRONG>Leads To</STRONG>:</P><UL><LI><STRONG>Internet (External)</STRONG> or <STRONG>This Network (Internal) </STRONG><STRONG>- </STRONG>This is the default setting. It is automatically calculated from the topology of the gateway. To update the topology of an internal network after changes to static routes, click <STRONG>Network Management </STRONG>&gt; <STRONG>Get Interfaces</STRONG> in the <STRONG>General Properties </STRONG>window of the gateway.</LI><LI><STRONG>Override </STRONG>- Override the default setting.</LI></UL><P class="tpbodytext">If you <STRONG>Override</STRONG> the default setting:</P><UL><LI><STRONG>Internet (External) </STRONG>- All external/Internet addresses</LI><LI><STRONG>This Network (Internal) </STRONG>-<UL><LI><STRONG>Not Defined</STRONG> - All IP addresses behind this interface are considered a part of the internal network that connects to this interface</LI><LI><STRONG>Network defined by the interface IP and Net Mask</STRONG> - Only the network that directly connects to this internal interface</LI><LI><U><STRONG><EM>Network defined by routes - The gateway dynamically calculates the topology behind this interface. If the network changes, there is no need to click "Get Interfaces" and install a policy.</EM></STRONG></U></LI><LI><STRONG>Specific </STRONG>- A specific network object (a network, a host, an address range, or a network group) behind this internal interface</LI><LI><STRONG>Interface leads to DMZ</STRONG> - The DMZ that directly connects to this internal interface</LI></UL></LI></UL></DIV><P>&nbsp;</P><P>&nbsp;</P><P>One that will remain as External leads to our External facing firewall,&nbsp; the other which we want to change leads to our internal network.</P><P>We also have Anti-Spoofing set on this interface .</P><P>Firstly is this option available in R80.10 and if not what option is recommended to point back to our internal network.</P><P>Secondly will changing this cause us any outage?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 24 Apr 2019 10:02:50 GMT Beverley_Cudd 2019-04-24T10:02:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Will-changing-an-External-defined-interface-to-Network-defined/m-p/51655#M3894 <P>Our gateways are on R80.10</P><P>We currently have two interfaces configured as Topology - External. We want to change one of them to be Topology - Network defined by Routes.<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="External facing nic.PNG" style="width: 492px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/942iE2A0FBA60F7CDE1D/image-size/large?v=v2&amp;px=999" role="button" title="External facing nic.PNG" alt="External facing nic.PNG" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="External facing nic x2.PNG" style="width: 560px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/943i6BA87B5D9D99FB14/image-size/large?v=v2&amp;px=999" role="button" title="External facing nic x2.PNG" alt="External facing nic x2.PNG" /></span></P><P>&nbsp;</P><P>There doesn't appear to be this option on R80.10 although the help does takes you to this page:-</P><DIV class="pageContent">Understanding Topology<P class="tpbodytext">An interface can be defined as being External (leading to the Internet) or Internal (leading to the LAN).</P><P class="tpbodytext">The type of network that the interface <STRONG>Leads To</STRONG>:</P><UL><LI><STRONG>Internet (External)</STRONG> or <STRONG>This Network (Internal) </STRONG><STRONG>- </STRONG>This is the default setting. It is automatically calculated from the topology of the gateway. To update the topology of an internal network after changes to static routes, click <STRONG>Network Management </STRONG>&gt; <STRONG>Get Interfaces</STRONG> in the <STRONG>General Properties </STRONG>window of the gateway.</LI><LI><STRONG>Override </STRONG>- Override the default setting.</LI></UL><P class="tpbodytext">If you <STRONG>Override</STRONG> the default setting:</P><UL><LI><STRONG>Internet (External) </STRONG>- All external/Internet addresses</LI><LI><STRONG>This Network (Internal) </STRONG>-<UL><LI><STRONG>Not Defined</STRONG> - All IP addresses behind this interface are considered a part of the internal network that connects to this interface</LI><LI><STRONG>Network defined by the interface IP and Net Mask</STRONG> - Only the network that directly connects to this internal interface</LI><LI><U><STRONG><EM>Network defined by routes - The gateway dynamically calculates the topology behind this interface. If the network changes, there is no need to click "Get Interfaces" and install a policy.</EM></STRONG></U></LI><LI><STRONG>Specific </STRONG>- A specific network object (a network, a host, an address range, or a network group) behind this internal interface</LI><LI><STRONG>Interface leads to DMZ</STRONG> - The DMZ that directly connects to this internal interface</LI></UL></LI></UL></DIV><P>&nbsp;</P><P>&nbsp;</P><P>One that will remain as External leads to our External facing firewall,&nbsp; the other which we want to change leads to our internal network.</P><P>We also have Anti-Spoofing set on this interface .</P><P>Firstly is this option available in R80.10 and if not what option is recommended to point back to our internal network.</P><P>Secondly will changing this cause us any outage?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 24 Apr 2019 10:02:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Will-changing-an-External-defined-interface-to-Network-defined/m-p/51655#M3894 Beverley_Cudd 2019-04-24T10:02:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Will-changing-an-External-defined-interface-to-Network-defined/m-p/51883#M3908 This option is only available on R80.20 gateways and above.<BR />If the anti-spoofing configuration is not set correctly, it can cause an outage.<BR />Make certain all the correct network(s) are defined on all the relevant interfaces. Thu, 25 Apr 2019 22:51:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Will-changing-an-External-defined-interface-to-Network-defined/m-p/51883#M3908 PhoneBoy 2019-04-25T22:51:22Z