This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fdhfdshs5454
Participant
‎2022-03-02 07:48 AM

CheckPoint with Dynamic IP address and CG-NAT

Hello,

I am trying to deploy a CheckPoint 1450.
Its WAN public IP is dynamic and there is also CG-NAT.

I have created a DAIP object in the CheckPoint Management and the SIC connection (initiated by the CheckPoint) has the status "trust established".

However, there is an error in the SIC connection:

"Could not establish TCP connection with 0.0.0.5

** Please make sure that Check Point Services are running on CP-Test-Starlink and that TCP connectivity is allowed from Security Management Server to IP 0.0.0.5, Port 18191 **"

I assume that the management machine is trying to contact the CheckPoint DAIP via TCP port 18191 (CPD).
Due to CG-NAT, port 18191 may not be allocated to my public IP address.

Is there a way to make a CheckPoint work with a dynamic IP + CG-NAT?

Thank you for your help,

0 Kudos
(1)
2 Replies
PhoneBoy
Admin
Admin
‎2022-03-02 08:15 AM

SIC has to be initiated from the gateway itself towards the management, which needs to have a fixed IP address and be reachable from the Internet.
This can be done on the SMB device in Home > Security Management.

0 Kudos
Guru_N_Training
Participant
‎2023-12-06 07:07 AM

From what I have found, communication from the management server to the gateway will not work as it cannot communicate with a CGNAT IP.  Communication from the gateway to the management server will work fine since your MGMT has a static external routable IP. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events