Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Checkpoint Firewall IP Addresses?

Posted on 2001-06-04
10
Medium Priority
?
262 Views
Last Modified: 2013-11-16
I'm testing Checkpoint Firewall 4.1 at home.  I got only one static IP address from my ISP.  I'm trying to setup NAT with 192.168.0.x scope on my LAN for Internet Sharing.  I put the valid IP address on the external Interface and 192.168.0.1 on my internal interface (I'm running Firewall and Management modules in the same NT box).  Anything else do I need to setup on my Checkpoint to make NAT work?  I'll appreciate very much if you can show me step by step because I'm new in this field.  Thanks.
0
Comment
Question by:ThaiTran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6152805
Yes.  You need some rules to actually implement the NAT.  Otherwise your private addresses will leak out onto the Internet, which won't work because they'll be blocked by your ISP.

Check out what PhoneBoy has to say on the subject at http://www.phoneboy.com/.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6153090
I know I will need some rules setup.  I did check the link but i still need step by step configuration.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6153109
Sorry, I don't have access to FW-1 right now to play with the instructions.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Accepted Solution

by:
Droby10 earned 400 total points
ID: 6154574
define your networks/hosts/address ranges

select manage->network objects from the menu in the policy editor.

select the network/host/address range you want to apply a network translation to...

click edit

in the general tab you should have your private ip in the ip address field.

select the nat tab.
click the add automatic...checkbox

select the desired translation method and enter the translated ip address...

apply your policy.
0
 
LVL 1

Expert Comment

by:Wandering_Wizard
ID: 6218016
If you have the original CD looking the documentation folder for the getting started guide.

On my version it has a tutorial starting on P87.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6784013
As far as scope goes, I recommend defining all 256 up front as initial range, then, defining then unavailable ones (for whatever reason).

Justification is to facilitate growth, and self-document. The alternative of expanding a scope leads to a number of problems, among them S/W breaking and running into devices that have or had hardcoded addresses unknown to admin.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6784476
I took the class and figured out how to make it work.. Thanks a lot for your comments.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7088734
Hi ThaiTran,
You've requested to delete this question, but its status has remained as 'Pending Delete' because one or more comments have been added.  Normally, the only way to fully delete such a Question is to post a message to Community Support and ask for assistance.

EE is making a one-time database sweep to purge the Pending Delete Questions automatically.  During this sweep:

    ThaiTran -- To allow the deletion to proceed:  Do nothing.
    EXPERTS -- Please DON'T POST a comment except to contest this deletion.

In the future, please refer to http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#8 for instruction on deleting questions.

DanRollins -- EE database cleanup volunteer
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7090728
Seems to me the points should go to Droby10
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7119982
Thanks to all, finalized.
Moondancer - EE Moderator
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question