This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lcako
Participant
a week ago

internet access through firewall

Hi,

I have a netis router with ip 172.20.10.2 and gateway 172.20.10.1 , also i have firewall sg3600 with mgnt ip 192.168.1.1 , eth1 ip192.168.4.1 and eth2 ip 192.168.5.2 . i want to deploy this firewall and have internet access in my laptop.

What i did is :

Log in to Netis Router (http://172.20.10.2)
Go to: Network > Routing

 Add a static route:

Destination: 192.168.4.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.5.2 (Firewall eth2)

Add Static Route in Gaia WebUI

Login to Check Point Gaia WebUI (https://192.168.1.1).
Go to: Network Management > IPv4 Static Routes.
Add the following routes:

  • Route for Internet traffic:
    • Destination: 0.0.0.0/0
    • Gateway: 172.20.10.1 (Netis Router Gateway)
    • Interface: eth2
  • Route for LAN traffic:
    • Destination: 192.168.4.0/24
    • Gateway: 192.168.4.1 (Firewall eth1)
    • Interface: eth1

      Configure Hide NAT in SmartConsole

      Open SmartConsole → Security Policy → NAT.
      Add a new Hide NAT Rule:

      • Original Source: 192.168.4.0/24 (Internal network)
      • Original Destination: Any
      • Service: Any
      • Translated Source: 192.168.5.2 (Firewall eth2 IP)
      • Save & Install Policy.

      Step 4: Set Laptop Network Configuration

      Your laptop must use the firewall’s eth1 IP (192.168.4.1) as the default gateway.

      Go to Network Settings on Laptop
      Set Static IP:

      • IP Address: 192.168.4.100
      • Subnet Mask: 255.255.255.0
      • Default Gateway: 192.168.4.1 (Firewall eth1)
      • DNS Server: 8.8.8.8 (Google DNS) Save & Restart Network.

      Configure Security Policy in SmartConsole

      The firewall must allow traffic from eth2 (WAN) to eth1 (LAN).

      Add Access Control Rule in SmartConsole

      Go to SmartConsole → Security Policy > Access Control.
      Create a New Rule:

      • Source: 192.168.4.0/24 (Internal network)
      • Destination: Any
      • Service: Any
      • Action: Accept Save & Install Policy.
      On firewall SSH i can ping netis router , but cannot ping internet 8.8.8.8. 
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events