This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BNgala
Explorer
‎2019-03-30 10:55 AM
Jump to solution

CP Gateway Management

Hi Checkmate, 

I will greatly appreciate if anyone could help me after a week of fruitless research as I am new learner. I am using a checkpoint 4200 with gaia R77.30 on it, I have enable Vlan 10 for my inside to access the internet and the interface mgmt is on different VLAN.

I am using a Cisco switch L3 configure with several VLANs, my question is how to configure the checkpoint for all the default gateways to allow inside mgmt 

 

0 Kudos
2 Solutions

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-31 01:51 AM
Jump to solution

Here is an nice documentation:

Check Point for Beginners

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-31 02:09 AM
In response to HeikoAnkenbrand
Jump to solution

Hi @BNgala 

I agree with  @PhoneBoy  a network diagram would be very helpful.

I don't understand the question 100%.

 

1) Add three interfaces in GAIA

a) external (for example eth1) > internet

b) internal lan (for example eth2.123) > your network

c) management (for example eth2.10) > your management vlan

    (set this interface to management)

2) On Cisco switch allow only the used vlan's on the trunk (for example vlan 10 and vlan 123)

3) Add the default route in GAIA to internet

4) In the SmartConsole

 a) In the gateway object get the interface topology 

 b) Set IP spoofing (external to external interface (for example eth1) , internal lan (for example eth2.123) to > network topology) and management (for example eth2.10) to > network topology)

 c) On the gateway objekt enable hide NAT

 d) Add access rules

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2019-03-30 06:04 PM
Jump to solution

A network diagram would be very helpful.
0 Kudos
BNgala
Explorer
‎2019-03-30 06:21 PM
Jump to solution

From my previous post,

I would like to know how could I configure the default gateway to allow the inside to access the internet and the default gateway for the inside management.

for example in cisco is ip route 0.0.0.0  0.0.0.0 (ip address) default gateway, so how to configure this in checkpoint.

 

many thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-31 09:03 AM
In response to BNgala
Jump to solution

You can only have one default gateway on a given device, which should generally point towards the Internet.

To be able to reach internal networks from your gateway, you will need to create specific routes for each network pointing to the next hop required to reach that network. 

Again, a network diagram would be exceptionally helpful.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-31 01:51 AM
Jump to solution

Here is an nice documentation:

Check Point for Beginners

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-31 02:09 AM
In response to HeikoAnkenbrand
Jump to solution

Hi @BNgala 

I agree with  @PhoneBoy  a network diagram would be very helpful.

I don't understand the question 100%.

 

1) Add three interfaces in GAIA

a) external (for example eth1) > internet

b) internal lan (for example eth2.123) > your network

c) management (for example eth2.10) > your management vlan

    (set this interface to management)

2) On Cisco switch allow only the used vlan's on the trunk (for example vlan 10 and vlan 123)

3) Add the default route in GAIA to internet

4) In the SmartConsole

 a) In the gateway object get the interface topology 

 b) Set IP spoofing (external to external interface (for example eth1) , internal lan (for example eth2.123) to > network topology) and management (for example eth2.10) to > network topology)

 c) On the gateway objekt enable hide NAT

 d) Add access rules

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top