This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NullBear
Explorer
3 weeks ago

3200 appliance instead of ISP router

Hi everyone,

I've tried looking for solutions to my issue here on the community portal, but I haven't found a specific thread that addresses my problem. I've set up a lab environment at home, and I want to position the firewall in front of the router instead of behind it. Let me describe my current setup and explain what I'm aiming for.

Currently, internet comes in through an SPF fiber connection into a device called a media converter (CVT-3002_PLUS-DR). From there, an Ethernet cable connects to the WAN port of my router. In the router settings, I'm seeing two different IP addresses for the WAN. 10.66 is from the media converter and the 188 is public. 

Desired setup: I want the internet to flow directly from the media converter into the CP3200 firewall, and then connect the router to the CP3200. Is this possible with the 3200SG? If yes, how do I achieve that? 

Note: When connecting directly from media converter to any ETH1/2/3/4/5 ports, with or without populating IP / subnet details nothing happens. Can't ping anything from CLI.

Drawing20.jpeg

Labels
Preview file
50 KB
0 Kudos
3 Replies
the_rock
Legend
Legend
3 weeks ago

Here is what I would test, just my personal take on it...so if you configure all in your desired setup snippet and nothing happens, maybe try bridge mode to see if it makes a difference? If yes, then I would say probably something with the routing is failing. Maybe run zdebug to see why traffic is dropped.

Best,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority
3 weeks ago

Whether this is possible depends largely on whether the router is doing anything more than simple Ethernet. For example, it may be doing PPPoE or various other protocols.

If it's regular IP over regular Ethernet, you should definitely be able to set it up how you describe.

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to Bob_Zimmerman

Thats definitely a valid point, but if it does not work, I would say we need to check what (if anything) might be getting dropped on the fw side.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 30 Apr 2024 @ 08:00 AM (CDT)

    Central US: What's New in R82?
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Tue 30 Apr 2024 @ 08:00 AM (CDT)

    Central US: What's New in R82?
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    CheckMates Events