Kukuified
Explorer

administrative access only to gateway ip

Hi all

I am quite new to the Check Point product. Currently, I have a Check Point 5200 that I'm trying to configure so that only the management network is able to access the gateway, which was set to 192.168.10.1.

I am still able to access 192.168.10.1 via interfaces on the gateway. Is there any way to just restrict access only to 192.168.10.1 but not via other interfaces?

Thanks

0 Kudos
4 Replies
_Val_
Admin

I assume it is a gateway appliance. You need to configure your network policy for this gateway to disallow access from unwanted networks. However, if authorised networks are routed to some other interfaces than your mgmt NIC (with that 192.168.10.1 address), clients will still be able to access it. It is all a matter of configuration.

We do not use access lists per interfaces on Check Point. 

0 Kudos
Kukuified
Explorer

Hi Val

Thanks for your reply. Is there any way to configure it such that I only restrict access to 192.168.10.1 for managing my gateway appliance but not via any interface gateway IP address?

I saw this option under SmartConsole secure platform settings but I'm not sure how to set firewall policy for this scenario. Could you advise on this?


0 Kudos
Th-Chi
Participant

nice
0 Kudos
PhoneBoy
Admin

Use "According to Firewall Policy" and create an Access Policy rule that Accepts the precise traffic you wish to allow.
Then make sure you have a stealth rule in place (any gateway any drop).

0 Kudos
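
The rule order described in the reply above, modelled as an added example (not code from the thread or from Check Point): a small top-down, first-match rulebase evaluator in Python with a precise management Accept rule placed above a stealth rule. Only 192.168.10.1 comes from the thread; the management subnet, the other gateway interface addresses and the SSH/HTTPS ports are assumptions, and the model ignores implied rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing: only 192.168.10.1 appears in the thread.
MGMT_NET = [ip_network("192.168.10.0/24")]    # assumed management subnet
MGMT_IP = [ip_network("192.168.10.1/32")]     # gateway management address
GATEWAY = [ip_network(n) for n in             # every IP owned by the gateway
           ("192.168.10.1/32", "10.1.1.1/32", "172.16.5.1/32")]
ANY = [ip_network("0.0.0.0/0")]
ADMIN_PORTS = {22, 443}                       # assumed: SSH and HTTPS admin access

@dataclass
class Rule:
    name: str
    sources: list
    destinations: list
    ports: Optional[set]    # None means any service
    action: str

    def matches(self, src, dst, port):
        s, d = ip_address(src), ip_address(dst)
        return (any(s in n for n in self.sources)
                and any(d in n for n in self.destinations)
                and (self.ports is None or port in self.ports))

# Order matters: the precise Accept rule must sit above the stealth rule.
RULEBASE = [
    Rule("Gateway administration", MGMT_NET, MGMT_IP, ADMIN_PORTS, "Accept"),
    Rule("Stealth", ANY, GATEWAY, None, "Drop"),
]

def evaluate(src, dst, port, rulebase=RULEBASE):
    """Return (rule name, action) of the first rule that matches, or None."""
    for rule in rulebase:
        if rule.matches(src, dst, port):
            return rule.name, rule.action
    return None  # not addressed by these two rules

if __name__ == "__main__":
    cases = [
        ("192.168.10.50", "192.168.10.1", 443),  # admin host to mgmt IP
        ("192.168.10.50", "10.1.1.1", 443),      # admin host to another interface IP
        ("10.1.1.77", "192.168.10.1", 22),       # non-management host to mgmt IP
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

Swapping the two rules makes every connection to the gateway hit the stealth rule first, including the administrator's own.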