TRajkumar
Contributor

Checkpoint Firewall for ISP provider

Hi Everyone,

I'm going to deploy a Check Point firewall at an ISP provider. Two connections are considered uplinks (external) and some other interfaces are downlinks (LAN; these also carry public IP addresses). We access the internet from the downlink public IP addresses.

I have configured the interfaces and topology as 2 external and 1 internal with the specified networks. In this setup we don't require NAT, since we are already using public IP addresses. The policy is also configured with an allow action.

Now when I try to ping 8.8.8.8 there is no response, even though there is an accept log in the firewall logs and no drops in fw ctl. During the tcpdump I noticed an ARP issue (8.8.8.8 is learned by my external interfaces and it also tries to learn it on my internal interfaces).

Can someone guide me on how to deploy a Check Point at ISP providers, with topology details?

Do let me know if any other details required.

Thanks

Rajkumar T
0 Kudos
8 Replies
Chris_Atkinson
MVP Platinum CHKP

What routing is configured on the firewall at present?

I assume 8.8.8.8 is just an example IP and you aren't actually seeing an ARP on a local segment for the google DNS server?

CCSM R77/R80/ELITE
0 Kudos
TRajkumar
Contributor

Hi Chris

Routing: the default route is configured with the external router IP address as the next hop. Moreover, we enabled ISP redundancy (Active/backup).

I did ping -I <INTERFACE NAME> 8.8.8.8 and there is no reply to the ICMP request. When I check arp -a, I noticed ARP entries on the external interfaces and incomplete ARP for google.dns on all other interfaces.

In addition, if I try ping -I <EXTERNAL INTERFACE> 8.8.8.8 I get a response.

Thanks

Rajkumar T

0 Kudos
the_rock
MVP Platinum

Can you send a screenshot of how you have topology configured? Please blur out any sensitive data.

Best,
Andy
0 Kudos
TRajkumar
Contributor

Hi Rock,

I've attached the topology here. Hope it gives the required details.

Thanks
Rajkumar T

0 Kudos
the_rock
MVP Platinum

Not really. I will send what I was referring to Wednesday morning.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Hey @TRajkumar

This is what I was referring to.

Screenshot_1.png
Screenshot_2.png

Best,
Andy
0 Kudos
Martijn
Advisor

Hi,

Can it be the ICMP reply is routed back to the other external interface?
Can you check with fw monitor or tcpdump?

A simple network diagram might help.

Martijn

0 Kudos
Ruan_Kotze
MVP Gold

Hi Rajkumar

Not sure if I am missing something basic, but why are you expecting to see an ARP entry for Google's DNS? ARP resolves MAC address to IP on your local L2 network. Do you have your respective ISP router's addresses (gateway's default gateway(s)) in your ARP table and vice versa?

If not try doing a gratuitous arp:  "arping -c 4 -A -I eth1 100.100.100.2"

If the IPs are not physically assigned do the following:

Expert# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
Expert# arping -c 4 -A -I eth1 100.100.100.2

Ruan
0 Kudos
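A way to turn Ruan's point (ARP only resolves directly connected hosts, so what matters is whether the ISP router's address resolves, not 8.8.8.8) and Chris's routing question into a check that can be run against saved `ip route show` and `ip neigh show` output. This is an added example, not code from the thread or from Check Point; it assumes Linux-style `ip` output such as the Gaia expert shell produces, and the interface names, addresses and neighbour states in the sample are constructed. Passing an output interface mimics what `ping -I <iface>` does to the route lookup: only routes out of that device are considered.

```python
import ipaddress

# Constructed sample output, modelled on `ip route show` and `ip neigh show`
# on a box with two uplinks (eth0, eth1) and one LAN (eth2). Addresses are
# example ranges plus the 100.100.100.2 router address used in the thread.
SAMPLE_ROUTES = """\
default via 100.100.100.2 dev eth1
100.100.100.0/30 dev eth1 proto kernel scope link src 100.100.100.1
198.51.100.0/30 dev eth0 proto kernel scope link src 198.51.100.1
203.0.113.0/24 dev eth2 proto kernel scope link src 203.0.113.1
"""

SAMPLE_NEIGH = """\
100.100.100.2 dev eth1 lladdr 00:00:5e:00:53:01 REACHABLE
198.51.100.2 dev eth0 lladdr 00:00:5e:00:53:02 STALE
8.8.8.8 dev eth2 FAILED
8.8.8.8 dev eth0 INCOMPLETE
"""

# Neighbour states in which the kernel has (or recently had) a MAC address.
RESOLVED_STATES = {"REACHABLE", "STALE", "DELAY", "PROBE", "PERMANENT", "NOARP"}


def _field(parts, key):
    """Return the token following `key` in an `ip` output line, or None."""
    return parts[parts.index(key) + 1] if key in parts else None


def parse_routes(text):
    """Parse `ip route show` lines into (prefix, gateway_or_None, dev) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        gw = ipaddress.ip_address(_field(parts, "via")) if "via" in parts else None
        routes.append((ipaddress.ip_network(dst, strict=False), gw, _field(parts, "dev")))
    return routes


def parse_neigh(text):
    """Parse `ip neigh show` lines into {(ip, dev): state}; the state is the last token."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            table[(ipaddress.ip_address(parts[0]), _field(parts, "dev"))] = parts[-1]
    return table


def lookup_route(dest, routes, oif=None):
    """Longest-prefix match; with oif set only routes out of that device count."""
    candidates = [r for r in routes if dest in r[0] and (oif is None or r[2] == oif)]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)


def diagnose(dest, routes_text, neigh_text, oif=None):
    """Say which neighbour the box must ARP for to reach `dest`, and whether it resolves."""
    dest = ipaddress.ip_address(dest)
    routes = parse_routes(routes_text)
    neigh = parse_neigh(neigh_text)
    # ARP entries for the destination itself only make sense if the box believes
    # the destination is directly connected on that interface (the thread's symptom).
    direct_arp = [(dev, state) for (ip, dev), state in neigh.items()
                  if ip == dest and (oif is None or dev == oif)]
    route = lookup_route(dest, routes, oif)
    if route is None:
        return {"verdict": "no-route", "next_hop": None, "dev": oif, "on_link": None,
                "direct_arp": direct_arp,
                "note": f"no route to {dest}" + (f" via {oif}" if oif else "")}
    _prefix, gw, dev = route
    next_hop = gw if gw is not None else dest   # on-link route: ARP for dest itself
    state = neigh.get((next_hop, dev))
    if state in RESOLVED_STATES:
        verdict, note = "ok", f"next hop {next_hop} on {dev} is {state}"
    elif state is None:
        verdict, note = "next-hop-not-in-cache", f"no ARP entry yet for {next_hop} on {dev}"
    else:
        verdict, note = "next-hop-unresolved", (
            f"{next_hop} on {dev} is {state}: check the L2 path to the ISP router "
            f"(e.g. arping -I {dev} {next_hop})")
    return {"verdict": verdict, "next_hop": str(next_hop), "dev": dev,
            "on_link": gw is None, "direct_arp": direct_arp, "note": note}


if __name__ == "__main__":
    for target, oif in (("8.8.8.8", None), ("8.8.8.8", "eth2"), ("203.0.113.50", None)):
        r = diagnose(target, SAMPLE_ROUTES, SAMPLE_NEIGH, oif=oif)
        print(target, oif, r["verdict"], "-", r["note"], "| ARP for dest itself:", r["direct_arp"])
```

In the sample, the plain lookup for 8.8.8.8 goes via the default route and the ISP router on eth1 is REACHABLE, so the box is fine at L2; forcing eth2 yields no route at all, and the FAILED entry for 8.8.8.8 on eth2 is the tell-tale of a ping that tried to treat a remote host as directly connected. Replace the two sample strings with real `ip route show` / `ip neigh show` output to run the same check on a live gateway.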