Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vitaliyb
Explorer

Check Point 1450 Appliance Several External IP

Hi, all.

I am a newbie with Check Point products.

I have Check Point 1450 in my company. ISP bring us a network with /29 mask.

Now I can assign only one IP to External interface.

How can I let to work another 4 IP's?  

0 Kudos
11 Replies
PhoneBoy
Admin
Admin

What is the configuration of the WAN interface?
Is this 1450 centrally managed or locally managed?
0 Kudos
vitaliyb
Explorer

1450 localy managed.

0 Kudos
PhoneBoy
Admin
Admin

Few ways to do it:

  • Put the relevant hosts on the WAN side of the firewall and assign them one of your four remaining IPs. Obviously the 1450 won't be protecting these hosts.
  • Create Server objects (Users and Objects > Servers) for the hosts you want to use the public IP addresses. In Step 2 of the Wizard, you specify the private IP address of the system in question. In Step 4, you specify the public IP you want the system to be accessible by.
  • Create manual NAT rules (Access Policy > Firewall > NAT).
0 Kudos
vitaliyb
Explorer

Thanks for reply.

I think I have not accurately explained what I want to get in the end. 

By now all works fine, but with only one IP.

Look at pic.

Ideally Server1 must be publish by IP1.  Server2 by IP2 & etc. 

Is it real? 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

 
 
 


 

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
vitaliyb
Explorer

Thanks, but it didn't work for me.

I do all like you say, but in Logs nothing that refer to Second IP. 

Look at pic. Blue rule work fine. Red rule don't.

0 Kudos
PhoneBoy
Admin
Admin

If you do a tcpdump on the WAN interface when someone tries connecting to the .75 address, what do you see?
0 Kudos
vitaliyb
Explorer

Packet Capture show nothing with IP .75

I try ping, telnet to port 5555. no mention of the address .75

0 Kudos
vitaliyb
Explorer

Hi, all.

Yesterday I was try localize problem.

I build this scheme. Results was:

1. IP .75 reply to ping 

2. all rules works fine. (Thanks to @G_W_Albrecht and @PhoneBoy )

But! It all works only with my laptop with IP .76

All other addresses from different subnet can't connect to IP .75

It looks like "virtual interface with IP .75" has no default-gateway on it.  

Can someone explain me whats going on?

0 Kudos
PhoneBoy
Admin
Admin

What you should see on a tcpdump from the gateway when someone tries to connect to .75 is an ARP request that looks something like this:

16:09:32.652969 ARP, Request who-has x.y.z.75 tell x.y.z.73, length 28

The fact it's working from your PC connected at .76 suggests the gateway is doing exactly what it's supposed to do.
The fact it doesn't work in other scenarios suggests a configuration issue with your ISP router.
0 Kudos
vitaliyb
Explorer

Hi for all.
Problem was solved by changed provider's "last mile" equipment.
I try to solve problem with Checkpoint Support Team. Let him to connect to my 1450. No changes.
Finally we decided to change the type of connection to the provider and problem was gone.
Thanx for all who try to help me.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events