Solved

Checkpoint Firewall IP Addresses?

Posted on 2001-06-04
10
239 Views
Last Modified: 2013-11-16
I'm testing Checkpoint Firewall 4.1 at home.  I got only one static IP address from my ISP.  I'm trying to setup NAT with 192.168.0.x scope on my LAN for Internet Sharing.  I put the valid IP address on the external Interface and 192.168.0.1 on my internal interface (I'm running Firewall and Management modules in the same NT box).  Anything else do I need to setup on my Checkpoint to make NAT work?  I'll appreciate very much if you can show me step by step because I'm new in this field.  Thanks.
0
Comment
Question by:ThaiTran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6152805
Yes.  You need some rules to actually implement the NAT.  Otherwise your private addresses will leak out onto the Internet, which won't work because they'll be blocked by your ISP.

Check out what PhoneBoy has to say on the subject at http://www.phoneboy.com/.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6153090
I know I will need some rules setup.  I did check the link but i still need step by step configuration.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6153109
Sorry, I don't have access to FW-1 right now to play with the instructions.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6154574
define your networks/hosts/address ranges

select manage->network objects from the menu in the policy editor.

select the network/host/address range you want to apply a network translation to...

click edit

in the general tab you should have your private ip in the ip address field.

select the nat tab.
click the add automatic...checkbox

select the desired translation method and enter the translated ip address...

apply your policy.
0
 
LVL 1

Expert Comment

by:Wandering_Wizard
ID: 6218016
If you have the original CD looking the documentation folder for the getting started guide.

On my version it has a tutorial starting on P87.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6784013
As far as scope goes, I recommend defining all 256 up front as initial range, then, defining then unavailable ones (for whatever reason).

Justification is to facilitate growth, and self-document. The alternative of expanding a scope leads to a number of problems, among them S/W breaking and running into devices that have or had hardcoded addresses unknown to admin.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6784476
I took the class and figured out how to make it work.. Thanks a lot for your comments.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7088734
Hi ThaiTran,
You've requested to delete this question, but its status has remained as 'Pending Delete' because one or more comments have been added.  Normally, the only way to fully delete such a Question is to post a message to Community Support and ask for assistance.

EE is making a one-time database sweep to purge the Pending Delete Questions automatically.  During this sweep:

    ThaiTran -- To allow the deletion to proceed:  Do nothing.
    EXPERTS -- Please DON'T POST a comment except to contest this deletion.

In the future, please refer to http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#8 for instruction on deleting questions.

DanRollins -- EE database cleanup volunteer
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7090728
Seems to me the points should go to Droby10
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7119982
Thanks to all, finalized.
Moondancer - EE Moderator
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question