This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SYSSOLBRD
Explorer
‎2024-02-19 08:45 AM

Need to Understand the Manual Port Forwarding (Multiple Ports) to a Single Host behind the Firewall

Hello Team,

My Self Ripal Bhatt, I have a CheckPoint 1530 Appliance with The Firmware Version "R81.10.08 (996001683)" installed at my place.

I am trying to do multiple service port forwarding to a single host but for some reason I am not able to configure the same.

I have a device on my network with the IP address "192.168.2.246" and I have few services used by the device. The Services are as below :

TCP : 9010, 9011, 32680 and few other ports

So I have created Custom Services under User & Objects with required ports and added them to one single Service Groups. Now I want to create a rule that IP coming from any source to my static IP provided by my ISP and using all the services in the Service Group should be forwarded to the IP 192.168.2.246 but I am not able to achieve the same.

 

If I use the wizard under Access Policy --> Server in that case I need to create multiple rules for the same server and it is becoming very strange task to the best of my knowledge.

So if any one of you can share any article where we can create the NAT Policy and Firewall Rule manually so that we can forward multiple ports to the single host behind the firewall then it will be a great help.

 

Ripal Bhatt

0 Kudos
5 Replies
the_rock
Legend
Legend
‎2024-02-19 11:20 AM

Hey mate,

If this is locally managed smb appliance, there should be an option to create separate NAT policy for this, thats separate than actual security policy.

Best,

Andy

 

 

0 Kudos
SYSSOLBRD
Explorer
‎2024-02-22 08:24 AM
In response to the_rock

Hello Andy,

Thanks for the reply. Let me show you the way devices are connected so I can make you visualize what I want to achieve.

CheckPoint_Port_Forwarding.png

 

So as you can see I had created a Service Group for all the Ports That I need to open and my need is to create rule in NAT Policy and Firewall section if required so that all the ports can be open using the live ip 102.135.275.122.

To be more specific the port 9011 and 9010 is the http and https ports so if i open the url https://102.135.275.122:9011 then it should open from the external network and also I need to create a reverse lookup so that the same url should work behind the network as well.

I hope this information may enable you to help me better. Thanks a lot.

 

Ripal Bhatt

0 Kudos
the_rock
Legend
Legend
‎2024-02-22 08:28 AM
In response to SYSSOLBRD

Wait...where exactly are you attempting to open that link from?

Andy

0 Kudos
SYSSOLBRD
Explorer
‎2024-04-06 05:58 AM
In response to the_rock

Hello Rock,

Sorry for the delayed reply. Actually the IP 192.168.2.250 is given to my storage and it has various services and port which I want to access from the external world. Like so that I can use rSync Services, SSH Services, other few application ports like NextCloud is using 32680 so that if I am in local network I will be accessing it using url http://192.168.2.250:32680 and if I am outside of Network than I will be using the url  https://102.135.275.122:32680 with live ip so that I can give the users the same experience.

I hope this will make it more clear.

Thank you for your support.

 

Ripal Bhatt

0 Kudos
the_rock
Legend
Legend
‎2024-04-06 10:10 AM
In response to SYSSOLBRD

Like pretty much anything internal you need to access from external, you need nat for that. Lets take trivial (for the lack of a better term) example. Say you have a friend who wants to RDP into your computer at home, in such case, you would need to do port forwarding on your ISP home router to say forward traffic from anywhere on port 3389 to say 192.168.1.55 (if your home net was such, 192.168.1.0/24). 

Makes sense?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events