Lee_Doran
Ivory

firewall setup on 2 non-routeable networks

hello all,

I am still new to Check Point, so forgive me if this seems dumb. I have 2 private networks, but I want to limit and restrict access to the second network (LAN) side more, and only allow access to the DC etc. This should be fairly straightforward, but I am struggling with it. The WAN side is the regular business network. I can also move the WAN connection and reconfigure LAN port 4 if it's easier. Thanks


0 Kudos
4 Replies
Lee_Doran
Ivory

Re: firewall setup on 2 non-routeable networks

Also, it is a 1200R with R77.20.81.

0 Kudos
Admin
Admin

Re: firewall setup on 2 non-routeable networks

It would help if you state your requirements in terms of:

  • What host initiates the communication (LAN or WAN side)
  • What host will be the recipient of the connection (LAN or WAN side)
  • What services you intend to permit

Since you mention a DC (I assume you mean Datacenter), I assume the hosts may not be on the same subnet as your WAN interface.

That suggests you will have to adjust routing so hosts on your WAN know how to reach the LAN on your gateway.

Or you need to utilize NAT.

0 Kudos
Lee_Doran
Ivory

Re: firewall setup on 2 non-routeable networks

Hello Dameon,

Here are some answers to your questions:

  • What host initiates the communication: LAN side
  • What host will be the recipient of the connection: LAN for some, WAN for others
  • What services you intend to permit: RDP/SQL/AD/WSUS server/Antivirus. Will ping work? (Probably not if using NAT.)

Thanks,

0 Kudos
Admin
Admin

Re: firewall setup on 2 non-routeable networks

What you describe should work without any configuration whatsoever, assuming a factory default configuration.

This is because:

  • LAN to WAN traffic is by default permitted
  • LAN/LAN traffic is generally not filtered at all
  • Traffic destined to the WAN from the LAN should be hidden behind the WAN IP

Here's what you should see in the NAT and Policy screens:

You should try to ping the relevant hosts from the gateway to ensure you're not experiencing some other sort of connectivity issue. 

0 Kudos