Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
fdhfdshs5454
Participant

CheckPoint with Dynamic IP address and CG-NAT

Hello,

I am trying to deploy a CheckPoint 1450.
Its WAN public IP is dynamic and there is also CG-NAT.

I have created a DAIP object in the CheckPoint Management and the SIC connection (initiated by the CheckPoint) has the status "trust established".

However, there is an error in the SIC connection:

"Could not establish TCP connection with 0.0.0.5

** Please make sure that Check Point Services are running on CP-Test-Starlink and that TCP connectivity is allowed from Security Management Server to IP 0.0.0.5, Port 18191 **"

I assume that the management machine is trying to contact the CheckPoint DAIP via TCP port 18191 (CPD).
Due to CG-NAT, port 18191 may not be allocated to my public IP address.

Is there a way to make a CheckPoint work with a dynamic IP + CG-NAT?

Thank you for your help,

0 Kudos
(1)
2 Replies
PhoneBoy
Admin
Admin

SIC has to be initiated from the gateway itself towards the management, which needs to have a fixed IP address and be reachable from the Internet.
This can be done on the SMB device in Home > Security Management.

0 Kudos
Guru_N_Training
Participant

From what I have found, communication from the management server to the gateway will not work as it cannot communicate with a CGNAT IP.  Communication from the gateway to the management server will work fine since your MGMT has a static external routable IP. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events