https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109255#M4759 <P>In sk119415 we learn about IPSec VPN tunnels peer IPs - you can select using Advanced Settings to use internal IP for VPN tunnels on locally managed SMB, or using fw ctl set int fw_enc_conns_use_internal 1 on centrally Managed SMBs. There is no way to set it to a specific internal IP, but you can try to define a Bridge with the internal IP you want and add all LAN ports (or a Switch with all LAN ports) and WLAN. For outgoing IPSec, this internal IP should be used.</P> <P>So please explain which client should start a copy from server to which target ?</P> Fri, 29 Jan 2021 08:44:51 GMT G_W_Albrecht 2021-01-29T08:44:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109246#M4758 <P>Hello!</P><P>I would like to run a script for copy file from server on checkpoint 1430, but it's accessed from external IP.</P><P>In sk119415 was&nbsp;recommended use command fw ctl set int fw_enc_conns_use_internal 1</P><P>If you use this command checkpoint, then checkpoint uses any internal IP from its interfaces.</P><P>How can I set a specific IP for this purpuse?</P><P>Firmware version 77.20.87</P> Fri, 29 Jan 2021 06:36:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109246#M4758 Basyuk 2021-01-29T06:36:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109255#M4759 <P>In sk119415 we learn about IPSec VPN tunnels peer IPs - you can select using Advanced Settings to use internal IP for VPN tunnels on locally managed SMB, or using fw ctl set int fw_enc_conns_use_internal 1 on centrally Managed SMBs. There is no way to set it to a specific internal IP, but you can try to define a Bridge with the internal IP you want and add all LAN ports (or a Switch with all LAN ports) and WLAN. For outgoing IPSec, this internal IP should be used.</P> <P>So please explain which client should start a copy from server to which target ?</P> Fri, 29 Jan 2021 08:44:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109255#M4759 G_W_Albrecht 2021-01-29T08:44:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109259#M4760 <P>Thank you, but I am not understand method with use Bridge.</P><P>For exaple:</P><P>My SMB device has a two interfaces with subnet (LAN1 - 10.1.1.1, LAN2 - 172.30.1.1).<BR />Or SMB has a one interface with two vlans (LAN1.1111 - 10.1.1.1, LAN1.1112 - 172.30.1.1)</P><P>I use SmartProvisioning for run script, that writes interfaces configuration to the file and copy this file to my PC (use SCP).</P><P>I have the ability to allow access to my PC only from 10.1.1.1.</P><P>How can I do it?&nbsp;</P> Fri, 29 Jan 2021 09:08:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109259#M4760 Basyuk 2021-01-29T09:08:57Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109260#M4761 <P>I am sorry, but i do not understand where the IPSec VPN tunnel comes in here. Bridge is fully covered in the Admin Guide, i would start with it first.</P> Fri, 29 Jan 2021 09:21:42 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109260#M4761 G_W_Albrecht 2021-01-29T09:21:42Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109261#M4762 <P>My computer is located behind another checkpoint.&nbsp;</P> Fri, 29 Jan 2021 09:25:30 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109261#M4762 Basyuk 2021-01-29T09:25:30Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109262#M4763 <P>Oh, you want to manipulate the source IP so it does not come from WAN IF but internal SMB IF. Better idea: Let the script send it to a watched client folder in this SMBs local network first and resend it to you from that client 8)</img></P> Fri, 29 Jan 2021 09:37:14 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109262#M4763 G_W_Albrecht 2021-01-29T09:37:14Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109263#M4764 <P>At this moment I am using the following method:</P><P>1. Enable bashUser for admin and run my script in SmartProvisioning</P><P>2. Run script from my PC that copy this files to my PC with help putty (pscp)</P><P>3. Disable bashUser for admin</P><P>I thought there was a way to do it through SmartProvisioning:(&nbsp;</P> Fri, 29 Jan 2021 09:44:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-specific-internal-IP-for-connection-from-Checkpoint-1430/m-p/109263#M4764 Basyuk 2021-01-29T09:44:52Z