https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178740#M8793 <P>What interface is it, the LAN one?<BR />I suspect what you're asking for is an RFE.</P> Fri, 21 Apr 2023 14:57:04 GMT PhoneBoy 2023-04-21T14:57:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178648#M8775 <P>Hi all,<BR /><BR />We have a lot of 1430 appliance gateways on remote sites, that are connected via S2S VPN to our central firewall.<BR />They are running&nbsp;R77.20.87 build 990173120<BR />They are managed by our central R81.10 manager.</P><P>I want connections from the 1430 appliances to our central log server to be encrypted in the VPN tunnels.<BR />I also want connections from the 1430 appliances to our central DNS/NTP/AD resources to be encrypted in the VPN tunnels.</P><P>In sk119415 I see that "fw ctl set int fw_enc_conns_use_internal 1" on the 1430 appliances will fix exactly that.<BR />My problem is that I can't control which IP/interface is used.<BR />Our network topology has one IP/interface on the 1430 appliances that are the same on all the remote locations.<BR />The 1430 appliances chooses exactly that IP/interface.&nbsp; <span class="lia-unicode-emoji" title=":face_with_head_bandage:">🤕</span></P><P>How can I make the 1430 appliances choose another IP/interface ???</P><P>Best regards&nbsp;<BR />&nbsp; Jan&nbsp;</P> Thu, 20 Apr 2023 20:09:41 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178648#M8775 Mudderkage 2023-04-20T20:09:41Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178670#M8778 <P>The only idea I have is to test whether with the use of Aliases you can influence this at all.</P> Fri, 21 Apr 2023 01:50:54 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178670#M8778 Chris_Atkinson 2023-04-21T01:50:54Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178740#M8793 <P>What interface is it, the LAN one?<BR />I suspect what you're asking for is an RFE.</P> Fri, 21 Apr 2023 14:57:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178740#M8793 PhoneBoy 2023-04-21T14:57:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178755#M8795 <P>All our SMB boxes sends traffic from source LAN6&nbsp;<BR />RFE...&nbsp; &nbsp;well, I never&nbsp;considered that, but it would be <SPAN>wonderful</SPAN>.&nbsp;<BR /><BR /><BR />CP1430&gt; show interfaces<BR />name: LAN6<BR />ipv4-address: 172.16.240.1<BR />status: 1/full</P> Fri, 21 Apr 2023 17:49:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178755#M8795 Mudderkage 2023-04-21T17:49:57Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178914#M8800 <P>Asked TAC already ?</P> Mon, 24 Apr 2023 11:07:39 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Forcing-external-1430-appliance-gateways-to-use-internal-IP/m-p/178914#M8800 G_W_Albrecht 2023-04-24T11:07:39Z