Kul
Contributor

Cisco to checkpoint configuration

Hi all, 
Below is the Cisco router configuration. I would like to replace the Cisco router with my Check Point device.
Could you please help me with suggestions?

interface GigabitEthernet0/0
 description Link to Internet + TWAN
 ip address 172.17.129.246 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip wccp web-cache redirect in
 ip wccp web-cache group-listen
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
 service-policy input url-block-policy
 service-policy output WEB-BLOCK
!
interface GigabitEthernet0/1
 description
 ip address 172.27.156.1 255.255.252.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1.2
 description LAN_NETWORK TO GEWOG CENTER
 encapsulation dot1Q 2
 ip address 172.26.159.1 255.255.252.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
0 Kudos
8 Replies
Danny
Champion

What exact Check Point device do you have?

0 Kudos
Kul
Contributor

I use a 4000 series.

0 Kudos
Danny
Champion

Then log in to the GAiA WebUI and configure the interfaces as extracted from your Cisco config.

0 Kudos
Kul
Contributor

I need to configure router-on-a-stick with the default VLAN. I used VLAN ID 2 and it did not work. I could nothing gw.
0 Kudos
Maarten_Sjouw
Champion

Even though it is not really supported, you can set up an IP on eth1, add a VLAN on top of it, and assign an IP to it.
The only thing is that the native VLAN on the switch trunk port will be the VLAN used by the main interface.
Example:
eth1 is connected to a port that on the switch is set as mode access with VLAN 15 and on the FW ip address 172.17.129.246 255.255.255.252
eth2 is connected to a port set as trunk with native VLAN 1 and ip address 172.27.156.1 255.255.252.0
add eth2 vlan 2
eth2.2 set with ip address 172.26.159.1 255.255.252.0

Now routing will only work when you have a policy loaded.
Regards, Maarten
0 Kudos
Kul
Contributor

Thank you but 172.17.129.246/30 is connected to outside network for internet to ISP.
0 Kudos
Maarten_Sjouw
Champion

And what is your actual question? Are you doing Hide NAT behind the external IP or do you have routes for the internal networks on the ISP router?
Regards, Maarten
HeikoAnkenbrand
Champion

 

That's what I do when I migrate a Cisco device to Check Point :-)

1) Create a Cisco config file. For example cisco.txt.

Cisco# show running-config

2) Upload this file to your new Check Point gateway. Now find all IP addresses in the Cisco config and create an IP list.

Check Point GW# more cisco.txt | grep "ip address" > iplist.txt

3) After that you can customize the file via vi. Now edit iplist.txt and replace the Cisco syntax with the Check Point GAIA syntax.

For example Cisco syntax:
ip address 172.17.129.246 255.255.255.252

to Check Point syntax.
Now set the interface (red) for example eth0.1 and add the interface settings (green) for all interfaces:

set interface eth0.1 ipv4-address 172.17.129.246 subnet-mask 255.255.255.252
set interface eth0.1 link-speed 1000M/full
set interface eth0.1 state on
set interface eth0.1 auto-negotiation on
set interface eth0.1 mtu 1500

4) Now load the new iplist.txt file in GAIA via CLISH and save the new config:
Check Point GW> load configuration iplist.txt
Check Point GW> save config

PS:
- You can also take over the routes by adjusting the syntax.
- The NAT settings are added as NAT rules in the SmartConsole.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
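
Added example (not part of the thread and not any poster's own script): steps 2 and 3 above done with awk instead of hand-editing in vi, including the dot1Q subinterface. The IFMAP port mapping is an assumption that follows the eth1/eth2 layout in Maarten_Sjouw's reply, and the function names are hypothetical; NAT, WCCP and service-policy lines are reported on stderr because they have no interface-level clish equivalent and would otherwise be dropped silently by the grep in step 2.

```shell
# Added example: turn Cisco "interface" blocks into Gaia clish commands.
# IFMAP (Cisco port -> Gaia port) is an assumption; adjust to the real cabling.
IFMAP="${IFMAP:-GigabitEthernet0/0=eth1 GigabitEthernet0/1=eth2}"
# stdout: clish commands. stderr: Cisco lines that need manual review.
cisco_to_gaia() {
  awk -v map="$IFMAP" '
    function emit(   name) {
      if (phys == "" || ip == "") return
      if (subif != "" && vlan == "") { print "REVIEW " cisco ": subinterface without dot1Q" > "/dev/stderr"; return }
      name = phys
      if (vlan != "") { print "add interface " phys " vlan " vlan; name = phys "." vlan }
      print "set interface " name " ipv4-address " ip " subnet-mask " mask
      print "set interface " name " state on"
    }
    BEGIN { n = split(map, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); gaia[kv[1]] = kv[2] } }
    $1 == "interface" {
      emit(); cisco = $2; split($2, parts, "[.]"); phys = gaia[parts[1]]
      subif = parts[2]; vlan = ip = mask = ""
      if (phys == "") print "REVIEW " cisco ": no Gaia port mapped, skipped" > "/dev/stderr"; next
    }
    $1 == "!" { emit(); phys = cisco = ""; next }
    cisco == "" { next }
    $1 == "encapsulation" && $2 == "dot1Q" { vlan = $3; next }
    $1 == "ip" && $2 == "address" && NF >= 4 { ip = $3; mask = $4; next }
    /ip nat|ip wccp|service-policy/ { sub(/^ +/, ""); print "REVIEW " cisco ": " $0 > "/dev/stderr" }
    END { emit() }
  ' "$@"
}

# Constructed sample, shortened from the interface blocks in the first post.
sample_config() {
  cat <<'EOF'
interface GigabitEthernet0/0
 ip address 172.17.129.246 255.255.255.252
 ip nat outside
 service-policy input url-block-policy
!
interface GigabitEthernet0/1
 ip address 172.27.156.1 255.255.252.0
 ip nat inside
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 172.26.159.1 255.255.252.0
 ip nat inside
EOF
}
sample_config | cisco_to_gaia
```

Run it as `cisco_to_gaia cisco.txt > iplist.txt` and load the result as in step 4; each REVIEW line printed to the terminal is a NAT or filtering function of the old router that has to be recreated in the security policy before cutover.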
