This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaetano_Nicosia
Participant
‎2020-03-17 12:55 AM

Alias for Ips

Hello,

I have a pool of Public IP. 

Is it possible to configure more than one public IP on a 730 firewall with firmware R77.20.86?

In many firewalls it is possible to create IPs alias; is it also possible on this firewall?

If so, how?

Thank You and Best Regards

Gaetano

0 Kudos
5 Replies
HristoGrigorov
Mentor
Mentor
‎2020-03-17 04:16 AM

Answer to your question is hidden inside sk105380.

It's a long table and as you may notice it does not have rows numbering (good usability feature Check Point likes to skip) so unfortunately I can't point you exactly where it is.

0 Kudos
Amir_Erman
Employee
Employee
‎2020-03-17 05:39 AM
In response to HristoGrigorov

we plan to release firmware that supports alias IPs very soon, as well as many network enhancements   with the new appliance line 15xx

In case you wish test it, please contact me directly 

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-03-17 05:51 AM
In response to Amir_Erman

Can you be more specific about these "many network enhancements" please ? 😀

0 Kudos
Gaetano_Nicosia
Participant
‎2020-03-17 07:37 AM
In response to Amir_Erman

Hello Amir

First, Thank You for feedback.

Now I would like to understand if this is right for me and therefore I try to explain better.

The provider has provided a pool of static public IP addresses.

Assuming that the assigned class IP is 10.0.0.64/29 (it is not a public class but do not use some IP assigned to others it may be fine), we have

  1. 10.0.0.64 Subnet ID
  2. 10.0.0.65 - 10.0.0.70 Usable IP Addresses
  3. 10.0.0.71 Broadcast Address

I have created on the 730 this WAN Interface:

  • IP address: 10.0.0.66
  • Subnet Mask: 255.255.255.248
  • Gateway: gateway IP 10.0.0.65

At this point the Internet connection work fine.

Now, for example, I would like to assign IP 10.0.0.68 to the email server.

Can I do it with the 730? How?

Best Regards

Gaetano

0 Kudos
Tom_Hinoue
Advisor
‎2020-03-17 09:30 AM
In response to Gaetano_Nicosia

If you can assign a private IP for your internal server, then you can try configuring static NAT.
We have an option for static NAT rules that can automatically configure the gateway(WAN) to act as an proxy arp for the other address you want to use.

[example]
Source: Any (or define desired source)
Destination: 10.0.0.68/29
Service: Any (or define desired service)
Xlate Src: Original
Xlate Dst: <Server private IP>
Xlate Srv: Original

Also, If there are originating connections from the internal server to out,
then add a No-NAT rule or for the address you want the server to talk outside like:

[example]
Source: <Server private IP>
Destination: Any (or other address from your assigned pool)
Service: Any
Xlate Src: 10.0.0.68/29
Xlate Dst: Original
Xlate Srv: Original

Also, don't forget to make sure you add incoming access rules to your server along with the NAT rules.
In locally managed mode, configuring Server Objects should automate some of this for you.

If you really need to configure your LAN interface (for server) with the same subnet as WAN, then you will need to configure your gateway as bridge mode... other wise aliases are coming soon in the new 1500 series as Amir stated above.

0 Kudos