This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mudderkage
Participant
‎2023-04-20 01:09 PM

Forcing external 1430 appliance gateways to use internal IP/interface.

Hi all,

We have a lot of 1430 appliance gateways on remote sites, that are connected via S2S VPN to our central firewall.
They are running R77.20.87 build 990173120
They are managed by our central R81.10 manager.

I want connections from the 1430 appliances to our central log server to be encrypted in the VPN tunnels.
I also want connections from the 1430 appliances to our central DNS/NTP/AD resources to be encrypted in the VPN tunnels.

In sk119415 I see that "fw ctl set int fw_enc_conns_use_internal 1" on the 1430 appliances will fix exactly that.
My problem is that I can't control which IP/interface is used.
Our network topology has one IP/interface on the 1430 appliances that are the same on all the remote locations.
The 1430 appliances chooses exactly that IP/interface.  🤕

How can I make the 1430 appliances choose another IP/interface ???

Best regards 
  Jan 

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-04-20 06:50 PM

The only idea I have is to test whether with the use of Aliases you can influence this at all.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2023-04-21 07:57 AM

What interface is it, the LAN one?
I suspect what you're asking for is an RFE.

0 Kudos
Mudderkage
Participant
‎2023-04-21 10:49 AM
In response to PhoneBoy

All our SMB boxes sends traffic from source LAN6 
RFE...   well, I never considered that, but it would be wonderful


CP1430> show interfaces
name: LAN6
ipv4-address: 172.16.240.1
status: 1/full

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-04-24 04:07 AM

Asked TAC already ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events