This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lee_Doran
Explorer
‎2018-12-18 08:43 AM

firewall setup on 2 non-routeable networks

hello all,

 I am still new to Checkpoints so forgive me if this seems dumb. I have 2 private networks but want to limit and restrict more access to the second network (LAN) side and only allow access to the DC ETC... this should be fairly straight forward but I am struggling with it. the WAN side is the regular business network. I can also move the WAN connection and reconfigure LAN port 4 if its easier.  thanks

example_

0 Kudos
4 Replies
Lee_Doran
Explorer
‎2018-12-18 10:17 AM

also it is a 1200 r with

R77.20.81

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-18 10:25 AM

It would help if you state your requirements in terms of:

  • What host initiates the communication (LAN or WAN side)
  • What host will be the recipient of the connection (LAN or WAN side)
  • What services you intend to permit

Since you mention a DC (I assume you mean Datacenter) I assume the hosts may not be on the same subnet as your WAN interface.

That suggests you will have to adjust routing so hosts on your WAN know how to reach the LAN on your gateway.

Or you need to utilize NAT.

0 Kudos
Lee_Doran
Explorer
‎2018-12-18 01:22 PM
In response to PhoneBoy

Hello Dameon,

here are some answers to your questions

  • What host initiates the communication (LAN side )
  • What host will be the recipient of the connection (LAN for some WAN for others)
  • What services you intend to permit RDP/SQL/AD/WSUS server/Antivirus Will ping work?(probably not if using NAT)

thanks,

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-18 02:29 PM
In response to Lee_Doran

What you describe should work without any configuration whatsoever, assuming a factory default configuration.

This is because:

  • LAN to WAN traffic is by default permitted
  • LAN/LAN traffic is generally not filtered at all
  • Traffic destined to the WAN from the LAN should be hidden behind the WAN IP

Here's what you should see in the NAT and Policy screens:

You should try to ping the relevant hosts from the gateway to ensure you're not experiencing some other sort of connectivity issue. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top