CP Gateway Management


Hi Checkmate, 

I would greatly appreciate it if anyone could help me after a week of fruitless research, as I am a new learner. I am using a Check Point 4200 with Gaia R77.30 on it. I have enabled VLAN 10 for my inside to access the internet, and the mgmt interface is on a different VLAN.

I am using a Cisco L3 switch configured with several VLANs. My question is how to configure the Check Point for all the default gateways to allow inside mgmt

 

Hi @BNgala

I agree with @PhoneBoy, a network diagram would be very helpful.

I don't understand the question 100%.

1) Add three interfaces in Gaia

a) external (for example eth1) > internet

b) internal LAN (for example eth2.123) > your network

c) management (for example eth2.10) > your management VLAN

    (set this interface to management)

2) On the Cisco switch allow only the used VLANs on the trunk (for example VLAN 10 and VLAN 123)

3) Add the default route in Gaia to the internet

4) In the SmartConsole

 a) In the gateway object get the interface topology

 b) Set IP spoofing: external to external interface (for example eth1), internal LAN (for example eth2.123) to > network topology, and management (for example eth2.10) to > network topology

 c) On the gateway object enable hide NAT

 d) Add access rules

 

A network diagram would be very helpful.
From my previous post,

I would like to know how I could configure the default gateway to allow the inside to access the internet, and the default gateway for the inside management.

For example, in Cisco it is ip route 0.0.0.0 0.0.0.0 (ip address) default gateway, so how do I configure this in Check Point?

Many thanks.


You can only have one default gateway on a given device, which should generally point towards the Internet.

To be able to reach internal networks from your gateway, you will need to create specific routes for each network pointing to the next hop required to reach that network. 

Again, a network diagram would be exceptionally helpful.
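
The interface steps and routing advice from the replies in this thread, written out as Gaia clish commands. This is an added example, not part of the original posts: interface names follow the examples given in the thread, and every IP address, prefix and next hop is a constructed placeholder.

```clish
# Added example, not from the original posts. Entered in Gaia clish.
# All addresses below are constructed placeholders; replace with your own.

# 1) Interfaces: external on eth1, two VLAN sub-interfaces on trunk port eth2
set interface eth1 ipv4-address 203.0.113.2 mask-length 24
set interface eth1 state on
set interface eth2 state on
add interface eth2 vlan 123
set interface eth2.123 ipv4-address 10.0.123.1 mask-length 24
add interface eth2 vlan 10
set interface eth2.10 ipv4-address 10.0.10.1 mask-length 24
set management interface eth2.10

# 3) The single default route, pointing towards the internet
#    (Gaia counterpart of Cisco "ip route 0.0.0.0 0.0.0.0 <next hop>")
set static-route default nexthop gateway address 203.0.113.1 on

# Specific routes for internal networks that sit behind the L3 switch
# (assumed: 10.20.0.0/16 is reached via the switch address 10.0.123.2)
set static-route 10.20.0.0/16 nexthop gateway address 10.0.123.2 on

# Persist the configuration and check the resulting routing table
save config
show route
```

Fetching the interface topology in SmartConsole (step 4a) uses the gateway's routing table to work out which networks lie behind each interface, so add the internal routes before fetching it; otherwise anti-spoofing can drop traffic from networks behind the switch.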
