Solved

Checkpoint Firewall IP Addresses?

Posted on 2001-06-04
10
234 Views
Last Modified: 2013-11-16
I'm testing Checkpoint Firewall 4.1 at home.  I got only one static IP address from my ISP.  I'm trying to setup NAT with 192.168.0.x scope on my LAN for Internet Sharing.  I put the valid IP address on the external Interface and 192.168.0.1 on my internal interface (I'm running Firewall and Management modules in the same NT box).  Anything else do I need to setup on my Checkpoint to make NAT work?  I'll appreciate very much if you can show me step by step because I'm new in this field.  Thanks.
0
Comment
Question by:ThaiTran
10 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6152805
Yes.  You need some rules to actually implement the NAT.  Otherwise your private addresses will leak out onto the Internet, which won't work because they'll be blocked by your ISP.

Check out what PhoneBoy has to say on the subject at http://www.phoneboy.com/.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6153090
I know I will need some rules setup.  I did check the link but i still need step by step configuration.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6153109
Sorry, I don't have access to FW-1 right now to play with the instructions.
0
 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6154574
define your networks/hosts/address ranges

select manage->network objects from the menu in the policy editor.

select the network/host/address range you want to apply a network translation to...

click edit

in the general tab you should have your private ip in the ip address field.

select the nat tab.
click the add automatic...checkbox

select the desired translation method and enter the translated ip address...

apply your policy.
0
 
LVL 1

Expert Comment

by:Wandering_Wizard
ID: 6218016
If you have the original CD looking the documentation folder for the getting started guide.

On my version it has a tutorial starting on P87.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 3

Expert Comment

by:FlamingSword
ID: 6784013
As far as scope goes, I recommend defining all 256 up front as initial range, then, defining then unavailable ones (for whatever reason).

Justification is to facilitate growth, and self-document. The alternative of expanding a scope leads to a number of problems, among them S/W breaking and running into devices that have or had hardcoded addresses unknown to admin.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6784476
I took the class and figured out how to make it work.. Thanks a lot for your comments.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7088734
Hi ThaiTran,
You've requested to delete this question, but its status has remained as 'Pending Delete' because one or more comments have been added.  Normally, the only way to fully delete such a Question is to post a message to Community Support and ask for assistance.

EE is making a one-time database sweep to purge the Pending Delete Questions automatically.  During this sweep:

    ThaiTran -- To allow the deletion to proceed:  Do nothing.
    EXPERTS -- Please DON'T POST a comment except to contest this deletion.

In the future, please refer to http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#8 for instruction on deleting questions.

DanRollins -- EE database cleanup volunteer
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7090728
Seems to me the points should go to Droby10
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7119982
Thanks to all, finalized.
Moondancer - EE Moderator
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now