  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270

Checkpoint Firewall IP Addresses?

I'm testing Checkpoint Firewall 4.1 at home.  I got only one static IP address from my ISP.  I'm trying to set up NAT with a 192.168.0.x scope on my LAN for Internet sharing.  I put the valid IP address on the external interface and 192.168.0.1 on my internal interface (I'm running the Firewall and Management modules on the same NT box).  Is there anything else I need to set up on my Checkpoint to make NAT work?  I'd appreciate it very much if you could show me step by step, because I'm new to this field.  Thanks.
0
ThaiTran
Asked:
ThaiTran
1 Solution
 
chris_calabreseCommented:
Yes.  You need some rules to actually implement the NAT.  Otherwise your private addresses will leak out onto the Internet, which won't work because they'll be blocked by your ISP.

Check out what PhoneBoy has to say on the subject at http://www.phoneboy.com/.
0
 
ThaiTranAuthor Commented:
I know I will need some rules set up.  I did check the link, but I still need a step-by-step configuration.
0
 
chris_calabreseCommented:
Sorry, I don't have access to FW-1 right now to play with the instructions.
0

 
Droby10Commented:
Define your networks/hosts/address ranges.

Select manage->network objects from the menu in the policy editor.

Select the network/host/address range you want to apply a network translation to...

Click edit.

In the general tab you should have your private IP in the IP address field.

Select the NAT tab.
Click the add automatic...checkbox

Select the desired translation method and enter the translated IP address...

Apply your policy.
0
 
Wandering_WizardCommented:
If you have the original CD, look in the documentation folder for the getting started guide.

On my version it has a tutorial starting on P87.
0
 
FlamingSwordCommented:
As far as scope goes, I recommend defining all 256 up front as the initial range, then defining the unavailable ones (for whatever reason).

Justification is to facilitate growth, and self-document. The alternative of expanding a scope leads to a number of problems, among them S/W breaking and running into devices that have or had hardcoded addresses unknown to admin.
0
 
ThaiTranAuthor Commented:
I took the class and figured out how to make it work. Thanks a lot for your comments.
0
 
DanRollinsCommented:
Hi ThaiTran,
You've requested to delete this question, but its status has remained as 'Pending Delete' because one or more comments have been added.  Normally, the only way to fully delete such a Question is to post a message to Community Support and ask for assistance.

EE is making a one-time database sweep to purge the Pending Delete Questions automatically.  During this sweep:

    ThaiTran -- To allow the deletion to proceed:  Do nothing.
    EXPERTS -- Please DON'T POST a comment except to contest this deletion.

In the future, please refer to http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#8 for instruction on deleting questions.

DanRollins -- EE database cleanup volunteer
0
 
chris_calabreseCommented:
Seems to me the points should go to Droby10
0
 
MoondancerCommented:
Thanks to all, finalized.
Moondancer - EE Moderator
0
Question has a verified solution.
