Hi all,
I have installed an evaluation version of All-in-one R80.10 Checkpoint Firewall in a VM.
I don't have Smart Console in our setup, so I have done all the configuration using Gaia CLI.
Following is the configuration I have done:
set interface eth1 state on
set interface eth2 state on
add bridging group 0
add bridging group 0 interface eth1
add bridging group 0 interface eth2
mgmt add host name "Mgmt" ip-address "10.0.2.2"
mgmt add access-rule layer "Network" name "Management Rule" source "Mgmt" service.1 "ssh" service.2 "https" position "top" action "Accept"
mgmt add access-rule layer "Network" name "FW-rule" source "All_Internet" service "any" position.below "Management Rule" action "Accept"
mgmt publish
mgmt install-policy policy-package "Standard"
But I am facing one issue: the bridge is not forwarding the traffic received on eth1 to eth2. I have also tried disabling anti-spoofing, but it didn't help.
fw ctl set int fw_local_interface_anti_spoofing 0
fw ctl set int fw_antispoofing_enabled 0
The fw monitor logs show only inbound traffic.
eth1:i0 (IP Options Strip (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i1 (Stateless verifications (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i2 (fw multik misc proto forwarding)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i3 (SecureXL conn sync)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i4 (fw VM inbound )[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I5 (SecureXL inbound)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I6 (fw SCV inbound)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I7 (passive streaming (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I8 (TCP streaming (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I9 (IP Options Restore (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I10 (Chain End)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i0 (IP Options Strip (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i1 (Stateless verifications (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i2 (fw multik misc proto forwarding)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i3 (SecureXL conn sync)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i4 (fw VM inbound )[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I5 (SecureXL inbound)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I6 (fw SCV inbound)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I7 (passive streaming (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I8 (TCP streaming (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I9 (IP Options Restore (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I10 (Chain End)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
Can anyone please suggest what I am missing in the configuration?
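A way to check the "only inbound" observation over a longer capture, as an added example that is not part of the original post: it parses fw monitor lines in the shape shown above and lists flows that never appear at an outbound position. It assumes outbound inspection points are marked `o`/`O` in the same way inbound ones are marked `i`/`I`; the function names are hypothetical, and the second flow in the sample is constructed for contrast.

```python
import re
from collections import defaultdict

# Line shape as in the post:
# <iface>:<dir><pos> (<chain module>)[<caplen>]: <src> -> <dst> (<proto>) len=<n> id=<n>
LINE_RE = re.compile(
    r"^(?P<iface>[\w.\-]+):(?P<dir>[iIoO])(?P<pos>\d+)\s+"
    r"\((?P<module>.*)\)\[(?P<caplen>\d+)\]:\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+"
    r"len=(?P<len>\d+)\s+id=(?P<id>\d+)\s*$"
)

def parse(lines):
    """Yield one dict per fw monitor line that matches the expected shape."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def flows_without_outbound(lines):
    """Map each flow never seen at an o/O position to its last inbound position."""
    seen = defaultdict(lambda: {"out": False, "last_in": None})
    for rec in parse(lines):
        flow = (rec["src"], rec["dst"], rec["proto"], rec["id"])
        if rec["dir"] in "oO":  # assumption: o/O = outbound inspection points
            seen[flow]["out"] = True
        else:
            seen[flow]["last_in"] = (
                rec["iface"], rec["dir"] + rec["pos"], rec["module"].strip())
    return {f: s["last_in"] for f, s in seen.items() if not s["out"]}

# First three lines are taken from the post; the ICMP flow is constructed
# sample data showing what a forwarded packet would add to the capture.
SAMPLE = """\
eth1:i0 (IP Options Strip (in))[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i4 (fw VM inbound )[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:I10 (Chain End)[1010]: 1.2.3.4 -> 19.19.19.5 (UDP) len=1010 id=1
eth1:i0 (IP Options Strip (in))[84]: 192.0.2.1 -> 198.51.100.5 (ICMP) len=84 id=7
eth1:I10 (Chain End)[84]: 192.0.2.1 -> 198.51.100.5 (ICMP) len=84 id=7
eth2:o0 (IP Options Strip (out))[84]: 192.0.2.1 -> 198.51.100.5 (ICMP) len=84 id=7
eth2:O9 (Chain End)[84]: 192.0.2.1 -> 198.51.100.5 (ICMP) len=84 id=7
""".splitlines()

if __name__ == "__main__":
    for flow, last in flows_without_outbound(SAMPLE).items():
        print("no outbound entry:", flow, "last inbound position:", last)
```

For the capture in the post, the UDP flow is reported with its last inbound position at `Chain End` on eth1, matching the statement that no outbound entries were logged.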