https://community.checkpoint.com/t5/Spark-Firewall-SMB/1450-Appliance-Branch-Office-Question/m-p/6060#M103 <HTML><HEAD></HEAD><BODY><P>Hi - I am setting up 1450 appliances at a couple of branch offices, but I am not sure what my best approach is for configuring them to support our environment properly; Here is a basic proposed setup:</P><P></P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/58424_snip_20170906163923.png" style="height: auto;" /></P><P>I am having some trouble since I need the gateway to not NAT and not block all incoming traffic by default, as traffic from the CorporateLAN to the BranchOfficeLAN (and vice versa) is common. I can't seem to configure the firewall service to deal with this so far - and I am&nbsp;surely just being dense <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />&nbsp;- but if I disable the firewall and NAT, traffic passes as I would want. However that defeats some of the purpose, and&nbsp;I would hope to configure an Internet connection (using the WAN port) and just create my policy manually. I seem to be stuck though with an all or nothing config...</P><P></P><P>Any advice is greatly appreciated!</P><P></P><P>David</P></BODY></HTML> Wed, 06 Sep 2017 21:54:06 GMT David_Levine 2017-09-06T21:54:06Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/1450-Appliance-Branch-Office-Question/m-p/6060#M103 <HTML><HEAD></HEAD><BODY><P>Hi - I am setting up 1450 appliances at a couple of branch offices, but I am not sure what my best approach is for configuring them to support our environment properly; Here is a basic proposed setup:</P><P></P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/58424_snip_20170906163923.png" style="height: auto;" /></P><P>I am having some trouble since I need the gateway to not NAT and not block all incoming traffic by default, as traffic from the CorporateLAN to the BranchOfficeLAN (and vice versa) is common. I can't seem to configure the firewall service to deal with this so far - and I am&nbsp;surely just being dense <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />&nbsp;- but if I disable the firewall and NAT, traffic passes as I would want. However that defeats some of the purpose, and&nbsp;I would hope to configure an Internet connection (using the WAN port) and just create my policy manually. I seem to be stuck though with an all or nothing config...</P><P></P><P>Any advice is greatly appreciated!</P><P></P><P>David</P></BODY></HTML> Wed, 06 Sep 2017 21:54:06 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/1450-Appliance-Branch-Office-Question/m-p/6060#M103 David_Levine 2017-09-06T21:54:06Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/1450-Appliance-Branch-Office-Question/m-p/6061#M104 <HTML><HEAD></HEAD><BODY><P>I'm pretty sure you can achieve this with manual NAT rules.</P><P>What NAT rules did you try?</P><P>Note this would also imply turning "Off" the Outgoing traffic NAT option, which can be recreated with manual NAT rules.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/58435_pastedImage_1.png" style="width: 620px; height: 312px;" /></P></BODY></HTML> Thu, 07 Sep 2017 20:17:20 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/1450-Appliance-Branch-Office-Question/m-p/6061#M104 PhoneBoy 2017-09-07T20:17:20Z