topic internet access through firewall in General Topics https://community.checkpoint.com/t5/General-Topics/internet-access-through-firewall/m-p/242676#M40566 <P>Hi,</P><P>I have a netis router with ip 172.20.10.2 and gateway 172.20.10.1 , also i have firewall sg3600 with mgnt ip 192.168.1.1 , eth1 ip192.168.4.1 and eth2 ip 192.168.5.2 . i want to deploy this firewall and have internet access in my laptop.</P><P>What i did is :</P><P>Log in to Netis Router (<A href="http://172.20.10.2" target="_blank" rel="noopener">http://172.20.10.2</A>)<BR />Go to: Network &gt; Routing</P><P>&nbsp;Add a static route:</P><P>Destination: 192.168.4.0<BR />Subnet Mask: 255.255.255.0<BR />Gateway: 192.168.5.2 (Firewall eth2)</P><H3><FONT size="2">Add Static Route in Gaia WebUI</FONT></H3><P><FONT size="2">Login to Check Point Gaia WebUI (<A href="https://192.168.1.1" target="_blank" rel="noopener">https://192.168.1.1</A>).</FONT><BR /><FONT size="2">Go to: Network Management &gt; IPv4 Static Routes.</FONT><BR /><FONT size="2">Add the following routes:</FONT></P><UL><LI><FONT size="2">Route for Internet traffic:</FONT><UL><LI><FONT size="2">Destination: 0.0.0.0/0</FONT></LI><LI><FONT size="2">Gateway: 172.20.10.1 (Netis Router Gateway)</FONT></LI><LI><FONT size="2">Interface: eth2</FONT></LI></UL></LI><LI><FONT size="2">Route for LAN traffic:</FONT><UL><LI><FONT size="2">Destination: 192.168.4.0/24</FONT></LI><LI><FONT size="2">Gateway: 192.168.4.1 (Firewall eth1)</FONT></LI><LI><FONT size="2">Interface: eth1</FONT><BR /><H3><FONT size="2">Configure Hide NAT in SmartConsole</FONT></H3><P><FONT size="2">Open SmartConsole → Security Policy → NAT.</FONT><BR /><FONT size="2">Add a new Hide NAT Rule:</FONT></P><UL><LI><FONT size="2">Original Source: 192.168.4.0/24 (Internal network)</FONT></LI><LI><FONT size="2">Original Destination: Any</FONT></LI><LI><FONT size="2">Service: Any</FONT></LI><LI><FONT size="2">Translated Source: 192.168.5.2 (Firewall eth2 IP) </FONT></LI><LI><FONT size="2">Save &amp; Install Policy.</FONT></LI></UL><H2><FONT size="2">Step 4: Set Laptop Network Configuration</FONT></H2><P><FONT size="2">Your laptop must use the firewall’s eth1 IP (192.168.4.1) as the default gateway.</FONT></P><P><FONT size="2">Go to Network Settings on Laptop</FONT><BR /><FONT size="2">Set Static IP:</FONT></P><UL><LI><FONT size="2">IP Address: 192.168.4.100</FONT></LI><LI><FONT size="2">Subnet Mask: 255.255.255.0</FONT></LI><LI><FONT size="2">Default Gateway: 192.168.4.1 (Firewall eth1)</FONT></LI><LI><FONT size="2">DNS Server: 8.8.8.8 (Google DNS) Save &amp; Restart Network.</FONT></LI></UL><H2><FONT size="2">Configure Security Policy in SmartConsole</FONT></H2><P><FONT size="2">The firewall must allow traffic from eth2 (WAN) to eth1 (LAN).</FONT></P><H3><FONT size="2">Add Access Control Rule in SmartConsole</FONT></H3><P><FONT size="2">Go to SmartConsole → Security Policy &gt; Access Control.</FONT><BR /><FONT size="2">Create a New Rule:</FONT></P><UL><LI><FONT size="2">Source: 192.168.4.0/24 (Internal network)</FONT></LI><LI><FONT size="2">Destination: Any</FONT></LI><LI><FONT size="2">Service: Any</FONT></LI><LI><FONT size="2">Action: Accept Save &amp; Install Policy.</FONT></LI></UL>On firewall SSH i can ping netis router , but cannot ping internet 8.8.8.8.&nbsp;</LI></UL></LI></UL> Fri, 28 Feb 2025 14:40:56 GMT lcako 2025-02-28T14:40:56Z internet access through firewall https://community.checkpoint.com/t5/General-Topics/internet-access-through-firewall/m-p/242676#M40566 <P>Hi,</P><P>I have a netis router with ip 172.20.10.2 and gateway 172.20.10.1 , also i have firewall sg3600 with mgnt ip 192.168.1.1 , eth1 ip192.168.4.1 and eth2 ip 192.168.5.2 . i want to deploy this firewall and have internet access in my laptop.</P><P>What i did is :</P><P>Log in to Netis Router (<A href="http://172.20.10.2" target="_blank" rel="noopener">http://172.20.10.2</A>)<BR />Go to: Network &gt; Routing</P><P>&nbsp;Add a static route:</P><P>Destination: 192.168.4.0<BR />Subnet Mask: 255.255.255.0<BR />Gateway: 192.168.5.2 (Firewall eth2)</P><H3><FONT size="2">Add Static Route in Gaia WebUI</FONT></H3><P><FONT size="2">Login to Check Point Gaia WebUI (<A href="https://192.168.1.1" target="_blank" rel="noopener">https://192.168.1.1</A>).</FONT><BR /><FONT size="2">Go to: Network Management &gt; IPv4 Static Routes.</FONT><BR /><FONT size="2">Add the following routes:</FONT></P><UL><LI><FONT size="2">Route for Internet traffic:</FONT><UL><LI><FONT size="2">Destination: 0.0.0.0/0</FONT></LI><LI><FONT size="2">Gateway: 172.20.10.1 (Netis Router Gateway)</FONT></LI><LI><FONT size="2">Interface: eth2</FONT></LI></UL></LI><LI><FONT size="2">Route for LAN traffic:</FONT><UL><LI><FONT size="2">Destination: 192.168.4.0/24</FONT></LI><LI><FONT size="2">Gateway: 192.168.4.1 (Firewall eth1)</FONT></LI><LI><FONT size="2">Interface: eth1</FONT><BR /><H3><FONT size="2">Configure Hide NAT in SmartConsole</FONT></H3><P><FONT size="2">Open SmartConsole → Security Policy → NAT.</FONT><BR /><FONT size="2">Add a new Hide NAT Rule:</FONT></P><UL><LI><FONT size="2">Original Source: 192.168.4.0/24 (Internal network)</FONT></LI><LI><FONT size="2">Original Destination: Any</FONT></LI><LI><FONT size="2">Service: Any</FONT></LI><LI><FONT size="2">Translated Source: 192.168.5.2 (Firewall eth2 IP) </FONT></LI><LI><FONT size="2">Save &amp; Install Policy.</FONT></LI></UL><H2><FONT size="2">Step 4: Set Laptop Network Configuration</FONT></H2><P><FONT size="2">Your laptop must use the firewall’s eth1 IP (192.168.4.1) as the default gateway.</FONT></P><P><FONT size="2">Go to Network Settings on Laptop</FONT><BR /><FONT size="2">Set Static IP:</FONT></P><UL><LI><FONT size="2">IP Address: 192.168.4.100</FONT></LI><LI><FONT size="2">Subnet Mask: 255.255.255.0</FONT></LI><LI><FONT size="2">Default Gateway: 192.168.4.1 (Firewall eth1)</FONT></LI><LI><FONT size="2">DNS Server: 8.8.8.8 (Google DNS) Save &amp; Restart Network.</FONT></LI></UL><H2><FONT size="2">Configure Security Policy in SmartConsole</FONT></H2><P><FONT size="2">The firewall must allow traffic from eth2 (WAN) to eth1 (LAN).</FONT></P><H3><FONT size="2">Add Access Control Rule in SmartConsole</FONT></H3><P><FONT size="2">Go to SmartConsole → Security Policy &gt; Access Control.</FONT><BR /><FONT size="2">Create a New Rule:</FONT></P><UL><LI><FONT size="2">Source: 192.168.4.0/24 (Internal network)</FONT></LI><LI><FONT size="2">Destination: Any</FONT></LI><LI><FONT size="2">Service: Any</FONT></LI><LI><FONT size="2">Action: Accept Save &amp; Install Policy.</FONT></LI></UL>On firewall SSH i can ping netis router , but cannot ping internet 8.8.8.8.&nbsp;</LI></UL></LI></UL> Fri, 28 Feb 2025 14:40:56 GMT https://community.checkpoint.com/t5/General-Topics/internet-access-through-firewall/m-p/242676#M40566 lcako 2025-02-28T14:40:56Z