- Products
- Learn
- Local User Groups
- Partners
- More
This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
- Products
- Learn
- Local User Groups
- Upcoming Events
- Americas
- EMEA
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Eastern Africa
- Israel
- Nordics
- Middle East and Africa
- Balkans
- Italy
- Bulgaria
- Cyprus
- APAC
- Partners
- More
- ABOUT CHECKMATES & FAQ
- Sign In
- Leaderboard
- Events
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
Ink Dragon: A Major Nation-State Campaign
Watch HereCheckMates Go:
CheckMates Fest
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- CheckMates
- :
- Products
- :
- Hybrid Mesh
- :
- Spark Firewall (SMB)
- :
- VPN route over WAN link
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
This widget could not be displayed.
8 Replies
This widget could not be displayed.
This widget could not be displayed.
Good afternoon,
I have 2 SMBs added from Checkpoint Management, I closed the VPN using SIC and VPN COMUTIES, when I try to access or ping the servers at both ends, it responds normally.
However, when I give a TRACERT on the LAN IP, it should go out through the firewall's LAN IP to the head office and vice versa, but it is going out to the public IP (WAN) and then arrives on the LAN network on the other side.
EXAMPLE:
tracert 192.168.0.100
1 <1 ms <1 ms <1 ms 192.168.200.247 - IP FW MATRIZ (FICTICIO)
2 5 ms 7 ms 7 ms 186.201.133.84 - WAN IP OF THE UNIT
3 8 ms 7 ms 6 ms 192.168.0.100 UNIT LAN IP
This is causing me a problem, I have equipment in the unit that needs to communicate with a server in the head office, but it has to be with the LAN IP, it is arriving with the WAN IP, and the connection is not completed.
Has anyone experienced a similar problem?
Thank you in advance for your support.
VPN route over WAN link
VPN route over WAN link
VPN route over WAN link
VPN route over WAN link
Good afternoon,
I have 2 SMBs added from Checkpoint Management, I closed the VPN using SIC and VPN COMUTIES, when I try to access or ping the servers at both ends, it responds normally.
However, when I give a TRACERT on the LAN IP, it should go out through the firewall's LAN IP to the head office and vice versa, but it is going out to the public IP (WAN) and then arrives on the LAN network on the other side.
EXAMPLE:
tracert 192.168.0.100
1 <1 ms <1 ms <1 ms 192.168.200.247 - IP FW MATRIZ (FICTICIO)
2 5 ms 7 ms 7 ms 186.201.133.84 - WAN IP OF THE UNIT
3 8 ms 7 ms 6 ms 192.168.0.100 UNIT LAN IP
This is causing me a problem, I have equipment in the unit that needs to communicate with a server in the head office, but it has to be with the LAN IP, it is arriving with the WAN IP, and the connection is not completed.
Has anyone experienced a similar problem?
Thank you in advance for your support.
Good afternoon,
I have 2 SMBs added from Checkpoint Management, I closed the VPN using SIC and VPN COMUTIES, when I try to access or ping the servers at both ends, it responds normally.
However, when I give a TRACERT on the LAN IP, it should go out through the firewall's LAN IP to the head office and vice versa, but it is going out to the public IP (WAN) and then arrives on the LAN network on the other side.
EXAMPLE:
tracert 192.168.0.100
1 <1 ms <1 ms <1 ms 192.168.200.247 - IP FW MATRIZ (FICTICIO)
2 5 ms 7 ms 7 ms 186.201.133.84 - WAN IP OF THE UNIT
3 8 ms 7 ms 6 ms 192.168.0.100 UNIT LAN IP
This is causing me a problem, I have equipment in the unit that needs to communicate with a server in the head office, but it has to be with the LAN IP, it is arriving with the WAN IP, and the connection is not completed.
Has anyone experienced a similar problem?
Thank you in advance for your support.
Good afternoon,
I have 2 SMBs added from Checkpoint Management, I closed the VPN using SIC and VPN COMUTIES, when I try to access or ping the servers at both ends, it responds normally.
However, when I give a TRACERT on the LAN IP, it should go out through the firewall's LAN IP to the head office and vice versa, but it is going out to the public IP (WAN) and then arrives on the LAN network on the other side.
EXAMPLE:
tracert 192.168.0.100
1 <1 ms <1 ms <1 ms 192.168.200.247 - IP FW MATRIZ (FICTICIO)
2 5 ms 7 ms 7 ms 186.201.133.84 - WAN IP OF THE UNIT
3 8 ms 7 ms 6 ms 192.168.0.100 UNIT LAN IP
This is causing me a problem, I have equipment in the unit that needs to communicate with a server in the head office, but it has to be with the LAN IP, it is arriving with the WAN IP, and the connection is not completed.
Has anyone experienced a similar problem?
Thank you in advance for your support.
Good afternoon,
I have 2 SMBs added from Checkpoint Management, I closed the VPN using SIC and VPN COMUTIES, when I try to access or ping the servers at both ends, it responds normally.
However, when I give a TRACERT on the LAN IP, it should go out through the firewall's LAN IP to the head office and vice versa, but it is going out to the public IP (WAN) and then arrives on the LAN network on the other side.
EXAMPLE:
tracert 192.168.0.100
1 <1 ms <1 ms <1 ms 192.168.200.247 - IP FW MATRIZ (FICTICIO)
2 5 ms 7 ms 7 ms 186.201.133.84 - WAN IP OF THE UNIT
3 8 ms 7 ms 6 ms 192.168.0.100 UNIT LAN IP
This is causing me a problem, I have equipment in the unit that needs to communicate with a server in the head office, but it has to be with the LAN IP, it is arriving with the WAN IP, and the connection is not completed.
Has anyone experienced a similar problem?
Thank you in advance for your support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good afternoon, in this case I use it through centralized management, the configuration is done in the Smart Console, following the attached nat rule, which I had tested.
Good afternoon, in this case I use it through centralized management, the configuration is done in the Smart Console, following the attached nat rule, which I had tested.
Good afternoon, in this case I use it through centralized management, the configuration is done in the Smart Console, following the attached nat rule, which I had tested.
Good afternoon, in this case I use it through centralized management, the configuration is done in the Smart Console, following the attached nat rule, which I had tested.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a similar setting in the VPN Community for centrally managed gateways:
If you enable this checkbox and push policy to the relevant gateways, a NAT rule should not be necessary.
There is a similar setting in the VPN Community for centrally managed gateways:
If you enable this checkbox and push policy to the relevant gateways, a NAT rule should not be necessary.
There is a similar setting in the VPN Community for centrally managed gateways:
If you enable this checkbox and push policy to the relevant gateways, a NAT rule should not be necessary.
There is a similar setting in the VPN Community for centrally managed gateways:
If you enable this checkbox and push policy to the relevant gateways, a NAT rule should not be necessary.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good afternoon,
Perfect, I understand, we are on the right track, I enabled it and it stopped appearing in my server's log which is coming through the unit's WAN IP, but I still haven't shown the IP of the equipment but rather the firewall of my Headquarters, inserting a printout below.
It should not arrive with IP 192.168.0.247 which is from the matrix firewall, it should arrive with IP 192.168.200.100 which would be the LAN IP of the equipment in the unit.
I am attaching the complete Community configuration.
Good afternoon,
Perfect, I understand, we are on the right track, I enabled it and it stopped appearing in my server's log which is coming through the unit's WAN IP, but I still haven't shown the IP of the equipment but rather the firewall of my Headquarters, inserting a printout below.
It should not arrive with IP 192.168.0.247 which is from the matrix firewall, it should arrive with IP 192.168.200.100 which would be the LAN IP of the equipment in the unit.
I am attaching the complete Community configuration.
Good afternoon,
Perfect, I understand, we are on the right track, I enabled it and it stopped appearing in my server's log which is coming through the unit's WAN IP, but I still haven't shown the IP of the equipment but rather the firewall of my Headquarters, inserting a printout below.
It should not arrive with IP 192.168.0.247 which is from the matrix firewall, it should arrive with IP 192.168.200.100 which would be the LAN IP of the equipment in the unit.
I am attaching the complete Community configuration.
Good afternoon,
Perfect, I understand, we are on the right track, I enabled it and it stopped appearing in my server's log which is coming through the unit's WAN IP, but I still haven't shown the IP of the equipment but rather the firewall of my Headquarters, inserting a printout below.
It should not arrive with IP 192.168.0.247 which is from the matrix firewall, it should arrive with IP 192.168.200.100 which would be the LAN IP of the equipment in the unit.
I am attaching the complete Community configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not clear what the "matrix" firewall is, or, really where anything in the diagram is.
Please reattach a diagram making the following items clearly noted:
- Where traffic is originating from
- Where your Quantum Spark device is (the one we're talking about the configuration of)
- Where your "headquarters" firewall is
- Where the traffic is ultimately destined for
In any case, if the traffic is leaving the SMB gateway with the correct IP according to the logs, then the NAT probably isn't happening at the SMB gateway.
I'm not clear what the "matrix" firewall is, or, really where anything in the diagram is.
Please reattach a diagram making the following items clearly noted:
- Where traffic is originating from
- Where your Quantum Spark device is (the one we're talking about the configuration of)
- Where your "headquarters" firewall is
- Where the traffic is ultimately destined for
In any case, if the traffic is leaving the SMB gateway with the correct IP according to the logs, then the NAT probably isn't happening at the SMB gateway.
I'm not clear what the "matrix" firewall is, or, really where anything in the diagram is.
Please reattach a diagram making the following items clearly noted:
- Where traffic is originating from
- Where your Quantum Spark device is (the one we're talking about the configuration of)
- Where your "headquarters" firewall is
- Where the traffic is ultimately destined for
In any case, if the traffic is leaving the SMB gateway with the correct IP according to the logs, then the NAT probably isn't happening at the SMB gateway.
I'm not clear what the "matrix" firewall is, or, really where anything in the diagram is.
Please reattach a diagram making the following items clearly noted:
- Where traffic is originating from
- Where your Quantum Spark device is (the one we're talking about the configuration of)
- Where your "headquarters" firewall is
- Where the traffic is ultimately destined for
In any case, if the traffic is leaving the SMB gateway with the correct IP according to the logs, then the NAT probably isn't happening at the SMB gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello partner, I still have the same problem, testing it but I couldn't get it to arrive correctly, any ideas so I can test it?
I appreciate all the support.
Hello partner, I still have the same problem, testing it but I couldn't get it to arrive correctly, any ideas so I can test it?
I appreciate all the support.
Hello partner, I still have the same problem, testing it but I couldn't get it to arrive correctly, any ideas so I can test it?
I appreciate all the support.
Hello partner, I still have the same problem, testing it but I couldn't get it to arrive correctly, any ideas so I can test it?
I appreciate all the support.
