administrative access only to gateway ip
Hi all
I am quite new to the Check Point product. Currently, I have a Check Point 5200 that I'm trying to configure so that only the management network is able to access the gateway, which was set to 192.168.10.1.
I am still able to access 192.168.10.1 via interfaces on the gateway. Is there any way to just restrict access only to 192.168.10.1 but not via other interfaces?
Thanks
I assume it is a gateway appliance. You need to configure your network policy for this gateway to disallow access from unwanted networks. However, if authorised networks are routed to some other interfaces than your mgmt NIC (with that 192.168.10.1 address), clients will still be able to access. It is all a matter of configuration.
We do not use access lists per interfaces on Check Point.
Hi Val
Thanks for your reply. Is there any way to configure such that I only restrict access to 192.168.10.1 for managing my gateway appliance but not via any interface gateway IP address?
I saw this option under SmartConsole secure platform settings but I'm not sure how to set firewall policy for this scenario. Could you advise on this?
Use "According to Firewall Policy" and create an Access Policy rule that Accepts the precise traffic you wish to allow.
Then make sure you have a stealth rule in place (any gateway any drop).
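
The rule order suggested in the reply above, modelled as a first-match rule base (an added example, not part of the original thread and not Check Point code). Only 192.168.10.1 comes from the thread; the admin network, the other interface addresses and the admin ports are assumptions, and implied rules are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed values: only 192.168.10.1 is taken from the thread.
MGMT_IP = ip_network("192.168.10.1/32")
MGMT_NET = ip_network("192.168.10.0/24")       # assumed admin network
GATEWAY_IPS = [MGMT_IP,                        # every address the gateway owns
               ip_network("10.1.1.1/32"),      # assumed internal interface
               ip_network("203.0.113.1/32")]   # assumed external interface
ANY = [ip_network("0.0.0.0/0")]
ADMIN_PORTS = {22, 443}                        # assumed: SSH and web UI

# (name, sources, destinations, ports, action); ports=None means any service
MGMT_RULE = ("Gateway management", [MGMT_NET], [MGMT_IP], ADMIN_PORTS, "Accept")
STEALTH_RULE = ("Stealth", ANY, GATEWAY_IPS, None, "Drop")

GOOD = [MGMT_RULE, STEALTH_RULE]   # accept rule above the stealth rule
BAD = [STEALTH_RULE, MGMT_RULE]    # stealth rule shadows the accept rule


def evaluate(rulebase, src, dst, port):
    """Return (rule name, action) for the first rule that matches the connection."""
    s, d = ip_address(src), ip_address(dst)
    for name, sources, dests, ports, action in rulebase:
        if (any(s in n for n in sources)
                and any(d in n for n in dests)
                and (ports is None or port in ports)):
            return name, action
    return "Cleanup", "Drop"       # nothing matched: final drop


# Constructed test connections: (source, destination, port)
CONNECTIONS = [
    ("192.168.10.50", "192.168.10.1", 443),  # admin host to the management IP
    ("192.168.10.50", "10.1.1.1", 443),      # admin host to another interface IP
    ("10.1.1.77", "192.168.10.1", 22),       # non-admin host to the management IP
    ("192.168.10.50", "192.168.10.1", 23),   # admin host, service not allowed
]

if __name__ == "__main__":
    for label, rulebase in (("accept above stealth", GOOD),
                            ("stealth above accept", BAD)):
        print(label)
        for src, dst, port in CONNECTIONS:
            name, action = evaluate(rulebase, src, dst, port)
            print(f"  {src} -> {dst}:{port}  {action} ({name})")
```

The destination of the accept rule is the single address 192.168.10.1 rather than the whole gateway, which is what keeps the other interface addresses behind the stealth rule.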
