This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Becanty_Evrard_
Explorer
‎2019-05-20 03:15 AM

unable to join another network and internet through the appliance

Hello community, I need your help. in fact I had to deploy a 3200 applicance under GAIA R80.20 to a client who already has an ASA cisco that I have to replace. So after configuring the interfaces, the default route, the DNS and importing the cisco ASA rules, I connected the appliance to the network. But no communication possible through the 3200.

 

LAN SNEPCI.PNG

 

attached the existing architecture with the ASA

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2019-05-20 06:05 PM

Can you describe what troubleshooting you've done to date?

I tend to start with the basics like making sure you can ping "near" and "far" addresses of the security gateway from the LAN and DMZ. And, of course, ping from the gateway itself to various locations.

And of course, look at the logs and see what they have to say. From there it depends on what you find.

0 Kudos
Becanty_Evrard_
Explorer
‎2019-05-21 01:49 AM
In response to PhoneBoy

being in the LAN I can ping the interface close to the gateway, but I can not reach remote interfaces. gateway I manage to join the interfaces that are pockets but not internet. I will now check my logs.

but can you tell me a little what type of log I can find and what will be the possible solutions?
0 Kudos
Becanty_Evrard_
Explorer
‎2019-05-21 04:35 AM
In response to PhoneBoy

being in the LAN I can ping the interface close to the gateway, but I can not reach remote interfaces. gateway I manage to join the interfaces that are pockets but not internet. I will now check my logs.

but can you tell me a little what type of log I can find and what will be the possible solutions?

0 Kudos
Nüüül
Advisor
Advisor
‎2019-05-21 01:41 AM

Hi,

Would first have a look at ARP tables from Clients and Gateway, if IP<->MAC Resolution is ok? Maybe some VLAN Tags are missing or old ARP entries. If this is OK, try pinging around, as Dameon said.

if Pinging to Gateway is ok, try next step to ISP Router. Also had the case, that on the ISP router there are static or very slowly updated ARP entries.

 

Daniel

0 Kudos
Vladimir
Champion
Champion
‎2019-05-21 05:34 AM

Two things that are missing from the description of the steps you have taken configuring 3200 are:

1. Definition of the gateway topology

2. NAT configuration for the network and server objects

 

Please check the "Networking/Topology" and define them as "External", "Internal"and "DMZ" with later two having appropriate networks behind interfaces.

Additionally, for objects representing hosts in DMZ, configure Static NAT parameters and for networks behind Internal, configure "Hide" NAT behind Gateway Object.

You may want to temporary enable ICMP in the Global Policy properties for troubleshooting and check logs for the NAT action, looking at XLate source and destination.

 

Regards,

Vladimir

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events