https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17411#M596 <HTML><HEAD></HEAD><BODY><P>What you describe should work without any configuration whatsoever, assuming a factory default configuration.</P><P>This is because:</P><UL><LI>LAN to WAN traffic is by default permitted</LI><LI>LAN/LAN traffic is generally not filtered at all</LI><LI>Traffic destined to the WAN from the LAN should be hidden behind the WAN IP</LI></UL><P></P><P>Here's what you should see in the NAT and Policy screens:</P><P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76485_pastedImage_2.png" /><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76484_pastedImage_1.png" /></P><P></P><P>You should try to ping the relevant hosts from the gateway to ensure you're not experiencing some other sort of connectivity issue.&nbsp;</P></BODY></HTML> Tue, 18 Dec 2018 22:29:52 GMT PhoneBoy 2018-12-18T22:29:52Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17407#M592 <HTML><HEAD></HEAD><BODY><P>hello all,</P><P>&nbsp;I am still new to Checkpoints so forgive me if this seems dumb. I have 2 private networks but want to limit and restrict more access to the second network (LAN) side and only allow access to the DC ETC... this should be fairly straight forward but I am struggling with it. the WAN side is the regular business network. I can also move the WAN connection and reconfigure LAN port 4 if its easier.&nbsp; thanks</P><P><IMG alt="example" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76466_example.jpg" />_</P></BODY></HTML> Tue, 18 Dec 2018 16:43:01 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17407#M592 Lee_Doran 2018-12-18T16:43:01Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17408#M593 <HTML><HEAD></HEAD><BODY><P>also it is a 1200 r with <SPAN lang="EN"></SPAN></P><P>R77.20.81</P></BODY></HTML> Tue, 18 Dec 2018 18:17:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17408#M593 Lee_Doran 2018-12-18T18:17:52Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17409#M594 <HTML><HEAD></HEAD><BODY><P>It would help if you state your requirements in terms of:</P><UL><LI>What host initiates the communication (LAN or WAN side)</LI><LI>What host will be the recipient of the connection (LAN or WAN side)</LI><LI>What services you intend to permit</LI></UL><P></P><P>Since you mention a DC (I assume you mean Datacenter) I assume the hosts may not be on the same subnet as your WAN interface.</P><P>That suggests you will have to adjust routing so hosts on your WAN know how to reach the LAN on your gateway.</P><P>Or you need to utilize NAT.</P></BODY></HTML> Tue, 18 Dec 2018 18:25:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17409#M594 PhoneBoy 2018-12-18T18:25:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17410#M595 <HTML><HEAD></HEAD><BODY><P>Hello Dameon,</P><P>here are some answers to your questions</P><UL><LI>What host initiates the communication (LAN side )</LI><LI>What host will be the recipient of the connection (LAN for some WAN for others)</LI><LI>What services you intend to permit RDP/SQL/AD/WSUS server/Antivirus Will ping work?(probably not if using NAT)</LI></UL><P>thanks,</P></BODY></HTML> Tue, 18 Dec 2018 21:22:46 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17410#M595 Lee_Doran 2018-12-18T21:22:46Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17411#M596 <HTML><HEAD></HEAD><BODY><P>What you describe should work without any configuration whatsoever, assuming a factory default configuration.</P><P>This is because:</P><UL><LI>LAN to WAN traffic is by default permitted</LI><LI>LAN/LAN traffic is generally not filtered at all</LI><LI>Traffic destined to the WAN from the LAN should be hidden behind the WAN IP</LI></UL><P></P><P>Here's what you should see in the NAT and Policy screens:</P><P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76485_pastedImage_2.png" /><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76484_pastedImage_1.png" /></P><P></P><P>You should try to ping the relevant hosts from the gateway to ensure you're not experiencing some other sort of connectivity issue.&nbsp;</P></BODY></HTML> Tue, 18 Dec 2018 22:29:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/firewall-setup-on-2-non-routeable-networks/m-p/17411#M596 PhoneBoy 2018-12-18T22:29:52Z