- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello,
I have a pool of Public IP.
Is it possible to configure more than one public IP on a 730 firewall with firmware R77.20.86?
In many firewalls it is possible to create IPs alias; is it also possible on this firewall?
If so, how?
Thank You and Best Regards
Gaetano
Answer to your question is hidden inside sk105380.
It's a long table and as you may notice it does not have rows numbering (good usability feature Check Point likes to skip) so unfortunately I can't point you exactly where it is.
we plan to release firmware that supports alias IPs very soon, as well as many network enhancements with the new appliance line 15xx
In case you wish test it, please contact me directly
Can you be more specific about these "many network enhancements" please ? 😀
Hello Amir
First, Thank You for feedback.
Now I would like to understand if this is right for me and therefore I try to explain better.
The provider has provided a pool of static public IP addresses.
Assuming that the assigned class IP is 10.0.0.64/29 (it is not a public class but do not use some IP assigned to others it may be fine), we have
I have created on the 730 this WAN Interface:
At this point the Internet connection work fine.
Now, for example, I would like to assign IP 10.0.0.68 to the email server.
Can I do it with the 730? How?
Best Regards
Gaetano
If you can assign a private IP for your internal server, then you can try configuring static NAT.
We have an option for static NAT rules that can automatically configure the gateway(WAN) to act as an proxy arp for the other address you want to use.
[example]
Source: Any (or define desired source)
Destination: 10.0.0.68/29
Service: Any (or define desired service)
Xlate Src: Original
Xlate Dst: <Server private IP>
Xlate Srv: Original
Also, If there are originating connections from the internal server to out,
then add a No-NAT rule or for the address you want the server to talk outside like:
[example]
Source: <Server private IP>
Destination: Any (or other address from your assigned pool)
Service: Any
Xlate Src: 10.0.0.68/29
Xlate Dst: Original
Xlate Srv: Original
Also, don't forget to make sure you add incoming access rules to your server along with the NAT rules.
In locally managed mode, configuring Server Objects should automate some of this for you.
If you really need to configure your LAN interface (for server) with the same subnet as WAN, then you will need to configure your gateway as bridge mode... other wise aliases are coming soon in the new 1500 series as Amir stated above.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY