Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
prashantds
Participant
Jump to solution

Make Windows Server accessible publically.

Hi All,

 

 I am very new to Checkpoint Firewall, We are using R77.30. 

We want to make our server accessible publicly by using Public IP.This public IP is having GW different than the current one which is configured on fw for internet access.

I have tried making a Node with Static NAT, and allowed the traffic by making rules.

but when i use that internet stops working on the server. and its not working.

Please suggest.

Thanks,

Prashant. 

Prashant
0 Kudos
1 Solution

Accepted Solutions
mdjmcnally
Advisor

In very simple terms what you want to do is have the ISP ROUTE your NEW IP Range to the Firewall on the Firewalls Current IP.

 

You can then create a Node for the Windows Server with the Private IP and then under Static NAT have the Public IP that want it known as.

 

At the moment when you do that then because the ISP Router has a Local Subnet for your Public IP then it does an ARP who has for the IP.

Nothing responds as doesn't exist and so you never get a reply.

 

If you provide the Check Point's External IP to your ISP and have them route the new Public IP Range to that IP then that will have the ISP Router forward all traffic for your new IP Range to the Check Point.

View solution in original post

9 Replies
PhoneBoy
Admin
Admin
Screenshots of exactly what you configured along with a network diagram would help tremendously.
0 Kudos
prashantds
Participant

Hi,

Thanks for your reply. Please find attached config ss.

we have created one NAT rule hiding the server ip behind static public ip.

The problem is current public IP used for external traffic  and the public ip we are going to use now have different GW.

Thanks,

Prashant.

Prashant
0 Kudos
PhoneBoy
Admin
Admin
Please explain detail what you mean by "public ip we are going to use now have different GW."
A concrete example would help.
prashantds
Participant

Hi,

Our current network runs on following Public IP range.

NW: xxx.xxx.23.88/29 

GW xxx.xxx.23.89

The new ip we got from ISP is this :

NW: xxx.xxx.6.72
GW : xxx.xxx.6.73
MASK: 255.255.255.248

The IP for server which we want to access publicly is 10.38.28.19 

My concern is how can i flow traffic from servers IP to xxx.xxx.6.72 IP and vice versa.

Thanks,

 

Prashant
0 Kudos
Chris_Atkinson
Employee Employee
Employee

What's the routing for the new network, where is the ISP routing it towards?

CCSM R77/R80/ELITE
mdjmcnally
Advisor

In very simple terms what you want to do is have the ISP ROUTE your NEW IP Range to the Firewall on the Firewalls Current IP.

 

You can then create a Node for the Windows Server with the Private IP and then under Static NAT have the Public IP that want it known as.

 

At the moment when you do that then because the ISP Router has a Local Subnet for your Public IP then it does an ARP who has for the IP.

Nothing responds as doesn't exist and so you never get a reply.

 

If you provide the Check Point's External IP to your ISP and have them route the new Public IP Range to that IP then that will have the ISP Router forward all traffic for your new IP Range to the Check Point.

prashantds
Participant
@mdjmcnally

Thanks for the explanation, is there no workaround for this to do it from myside??

Prashant
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Unfortunately not unless you are using Dynamic routing with your ISP?

Correct routing is a prerequisite for NAT.

CCSM R77/R80/ELITE
prashantds
Participant
Ok... Thanks for replies guys...
Prashant
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events