This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bear410hk
Explorer
‎2019-04-26 01:47 AM

Using CheckPoint 730 for the first point firewall

Dear All,

I'm new in CheckPoint firewall. I would like to add checkpoint 730 for my web service first point firewall as auditor suggest to use 2 different brands firewall for more security, As I search on google I need to use the bridge mode to pass anything from checkpoint to the second firewall. what should I do, or any step by step introduction I can study?

here is our network (Web Service);

Internet modem > Cisco Giga Switch (8 port, 2 Cable connected to SonicWall) > SonicWall Firewall x 2 (with failover) > VM 

For more security, I would like to add 730 before SonicWall Firewall. 

would like to change to :

Internet modem > Cisco Giga Switch (8 port, 2 Cable connected to CheckPoint730) > Check Point 730 > SonicWall Firewall x 2 (with failover) > VM 

Question:

1. is it the best way of using bridge mode?

2. if I add checkpoint before SonicWall, the internet address(already config in SonicWall) need move to the checkpoint as internet gateway?  

3. any way for no touch SonicWall config but can add checkpoint 730 with block function? (because SonicWall is under vendor control.) for example the same rules of Sonicwall, such as allow 80, 443 but block remote port etc...

Thanks for your help.  

Bear

 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-04-28 11:41 PM

If you use Bridge Mode, the 730 is transparent and you don't need to change any addressing.
That said, you don't necessarily need to use Bridge Mode if the Sonicwall is already getting its public IP via DHCP.
Of course, then the Sonicwall won't be reachable from the Internet, which might mean you need to configure rules for the vendor to manage the Sonicwall...which you might need to do in Bridge Mode anyway.


Also, you don't necessarily get better security with two different vendor firewall products inline.
0 Kudos
bear410hk
Explorer
‎2019-04-29 12:25 AM
In response to PhoneBoy

HI Phoneboy,

Thanks for your reply.

I have some confines about the bridge mode setting. would you mind give me some guild/step of it?

1. As you said I don't need to change any addressing, so I just need to plug 2 cables into LAN port 1 & 2 and bridge both of them(br0) and using other 2 cables connect to LAN 3 & 4 with SonicWall 1 & 2 and also set at bridge mode (br1), am I right?

2. when I trying to set br0 at LAN1 switch checkpoint need me to enter an IP address (default 192.168.200.1), it can't be blank.

Thanks

Bear

 

 

 

 

Preview file
101 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events