Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gaetano_Nicosia
Participant

Alias for Ips

Hello,

I have a pool of Public IP. 

Is it possible to configure more than one public IP on a 730 firewall with firmware R77.20.86?

In many firewalls it is possible to create IPs alias; is it also possible on this firewall?

If so, how?

Thank You and Best Regards

Gaetano

0 Kudos
5 Replies
HristoGrigorov

Answer to your question is hidden inside sk105380.

It's a long table and as you may notice it does not have rows numbering (good usability feature Check Point likes to skip) so unfortunately I can't point you exactly where it is.

0 Kudos
Amir_Erman
Employee
Employee

we plan to release firmware that supports alias IPs very soon, as well as many network enhancements   with the new appliance line 15xx

In case you wish test it, please contact me directly 

0 Kudos
HristoGrigorov

Can you be more specific about these "many network enhancements" please ? 😀

0 Kudos
Gaetano_Nicosia
Participant

Hello Amir

First, Thank You for feedback.

Now I would like to understand if this is right for me and therefore I try to explain better.

The provider has provided a pool of static public IP addresses.

Assuming that the assigned class IP is 10.0.0.64/29 (it is not a public class but do not use some IP assigned to others it may be fine), we have

  1. 10.0.0.64 Subnet ID
  2. 10.0.0.65 - 10.0.0.70 Usable IP Addresses
  3. 10.0.0.71 Broadcast Address

I have created on the 730 this WAN Interface:

  • IP address: 10.0.0.66
  • Subnet Mask: 255.255.255.248
  • Gateway: gateway IP 10.0.0.65

At this point the Internet connection work fine.

Now, for example, I would like to assign IP 10.0.0.68 to the email server.

Can I do it with the 730? How?

Best Regards

Gaetano

0 Kudos
Tom_Hinoue
Advisor
Advisor

If you can assign a private IP for your internal server, then you can try configuring static NAT.
We have an option for static NAT rules that can automatically configure the gateway(WAN) to act as an proxy arp for the other address you want to use.

[example]
Source: Any (or define desired source)
Destination: 10.0.0.68/29
Service: Any (or define desired service)
Xlate Src: Original
Xlate Dst: <Server private IP>
Xlate Srv: Original

Also, If there are originating connections from the internal server to out,
then add a No-NAT rule or for the address you want the server to talk outside like:

[example]
Source: <Server private IP>
Destination: Any (or other address from your assigned pool)
Service: Any
Xlate Src: 10.0.0.68/29
Xlate Dst: Original
Xlate Srv: Original

Also, don't forget to make sure you add incoming access rules to your server along with the NAT rules.
In locally managed mode, configuring Server Objects should automate some of this for you.

If you really need to configure your LAN interface (for server) with the same subnet as WAN, then you will need to configure your gateway as bridge mode... other wise aliases are coming soon in the new 1500 series as Amir stated above.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events