Solved

Checkpoint Firewall IP Addresses?

Posted on 2001-06-04
10
242 Views
Last Modified: 2013-11-16
I'm testing Checkpoint Firewall 4.1 at home.  I got only one static IP address from my ISP.  I'm trying to setup NAT with 192.168.0.x scope on my LAN for Internet Sharing.  I put the valid IP address on the external Interface and 192.168.0.1 on my internal interface (I'm running Firewall and Management modules in the same NT box).  Anything else do I need to setup on my Checkpoint to make NAT work?  I'll appreciate very much if you can show me step by step because I'm new in this field.  Thanks.
0
Comment
Question by:ThaiTran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6152805
Yes.  You need some rules to actually implement the NAT.  Otherwise your private addresses will leak out onto the Internet, which won't work because they'll be blocked by your ISP.

Check out what PhoneBoy has to say on the subject at http://www.phoneboy.com/.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6153090
I know I will need some rules setup.  I did check the link but i still need step by step configuration.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6153109
Sorry, I don't have access to FW-1 right now to play with the instructions.
0
Windows running painfully slow? Try these tips..

Stay away from Speed Up Computer Programs that do more harm than good.
Try these tips instead.
Step by step instructions in trouble shooting Windows Performance issues.

 
LVL 5

Accepted Solution

by:
Droby10 earned 100 total points
ID: 6154574
define your networks/hosts/address ranges

select manage->network objects from the menu in the policy editor.

select the network/host/address range you want to apply a network translation to...

click edit

in the general tab you should have your private ip in the ip address field.

select the nat tab.
click the add automatic...checkbox

select the desired translation method and enter the translated ip address...

apply your policy.
0
 
LVL 1

Expert Comment

by:Wandering_Wizard
ID: 6218016
If you have the original CD looking the documentation folder for the getting started guide.

On my version it has a tutorial starting on P87.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6784013
As far as scope goes, I recommend defining all 256 up front as initial range, then, defining then unavailable ones (for whatever reason).

Justification is to facilitate growth, and self-document. The alternative of expanding a scope leads to a number of problems, among them S/W breaking and running into devices that have or had hardcoded addresses unknown to admin.
0
 
LVL 2

Author Comment

by:ThaiTran
ID: 6784476
I took the class and figured out how to make it work.. Thanks a lot for your comments.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7088734
Hi ThaiTran,
You've requested to delete this question, but its status has remained as 'Pending Delete' because one or more comments have been added.  Normally, the only way to fully delete such a Question is to post a message to Community Support and ask for assistance.

EE is making a one-time database sweep to purge the Pending Delete Questions automatically.  During this sweep:

    ThaiTran -- To allow the deletion to proceed:  Do nothing.
    EXPERTS -- Please DON'T POST a comment except to contest this deletion.

In the future, please refer to http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#8 for instruction on deleting questions.

DanRollins -- EE database cleanup volunteer
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7090728
Seems to me the points should go to Droby10
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7119982
Thanks to all, finalized.
Moondancer - EE Moderator
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question