BNgala
Explorer

CP Gateway Management

Hi Checkmate, 

I would greatly appreciate it if anyone could help me after a week of fruitless research, as I am a new learner. I am using a Check Point 4200 with Gaia R77.30 on it. I have enabled VLAN 10 for my inside to access the internet, and the mgmt interface is on a different VLAN.

I am using a Cisco L3 switch configured with several VLANs. My question is how to configure the Check Point for all the default gateways to allow inside mgmt 

 

Accepted Solutions
HeikoAnkenbrand
Champion

Here is some nice documentation:

Check Point for Beginners

➜ CCSM Elite, CCME, CCTE

HeikoAnkenbrand
Champion

Hi @BNgala 

I agree with @PhoneBoy, a network diagram would be very helpful.

I don't understand the question 100%.

 

1) Add three interfaces in GAIA

a) external (for example eth1) > internet

b) internal lan (for example eth2.123) > your network

c) management (for example eth2.10) > your management vlan

    (set this interface to management)

2) On the Cisco switch, allow only the used VLANs on the trunk (for example VLAN 10 and VLAN 123)

3) Add the default route in GAIA to internet

4) In the SmartConsole

 a) In the gateway object get the interface topology 

 b) Set IP spoofing (external to external interface (for example eth1), internal lan (for example eth2.123) to > network topology, and management (for example eth2.10) to > network topology)

 c) On the gateway object enable hide NAT

 d) Add access rules

 

➜ CCSM Elite, CCME, CCTE


5 Replies
PhoneBoy
Admin
A network diagram would be very helpful.
BNgala
Explorer

From my previous post,

I would like to know how I could configure the default gateway to allow the inside to access the internet, and the default gateway for the inside management.

For example, in Cisco it is ip route 0.0.0.0  0.0.0.0 (ip address) default gateway, so how do I configure this in Check Point?

Many thanks.

PhoneBoy
Admin

You can only have one default gateway on a given device, which should generally point towards the Internet.

To be able to reach internal networks from your gateway, you will need to create specific routes for each network pointing to the next hop required to reach that network. 

Again, a network diagram would be exceptionally helpful.

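The Gaia side of steps 1 and 3 in the accepted solution, combined with the routing point in the reply above (one default route towards the Internet, specific routes for internal networks behind the L3 switch), as an added Gaia clish example that is not part of the original thread. Interface names follow the examples used in the thread; every IP address, prefix length and the 10.0.50.0/24 network are constructed placeholders.

```clish
# Constructed addressing (assumptions, replace with your own):
#   eth1      external    198.51.100.2/30, ISP next hop 198.51.100.1
#   eth2.123  internal    10.0.123.1/24, L3 switch address 10.0.123.254
#   eth2.10   management  10.0.10.1/24
#   10.0.50.0/24 is a further VLAN routed by the L3 switch

# External interface towards the Internet
set interface eth1 ipv4-address 198.51.100.2 mask-length 30
set interface eth1 state on

# The trunk parent must be up before its VLAN sub-interfaces pass traffic
set interface eth2 state on

# Internal LAN on VLAN 123
add interface eth2 vlan 123
set interface eth2.123 ipv4-address 10.0.123.1 mask-length 24
set interface eth2.123 state on

# Management on VLAN 10, flagged as the management interface
add interface eth2 vlan 10
set interface eth2.10 ipv4-address 10.0.10.1 mask-length 24
set interface eth2.10 state on
set management interface eth2.10

# Single default route towards the Internet
# (Gaia counterpart of Cisco "ip route 0.0.0.0 0.0.0.0 <next hop>")
set static-route default nexthop gateway address 198.51.100.1 on

# One specific route per internal network that sits behind the L3 switch
set static-route 10.0.50.0/24 nexthop gateway address 10.0.123.254 on

# Persist the configuration and check the resulting routing table
save config
show route
```

Networks reached through such static routes also have to be part of the anti-spoofing topology of eth2.123 (step 4b), otherwise traffic sourced from them is dropped as spoofed.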