Solved

Add a new internet net behind a firewall

Posted on 2001-06-05
Last Modified: 2013-11-16
Please take a look at the network diagram:
http://free4home.dns2go.com/~adrian/screen02.jpg

Currently, there are two segments behind the firewall: the internet 1 and the DMZ network.

Now our office is going to expand, so a new "Internal net 2" will be added that is attached to the existing internet 1. A router will be placed in between.

My question is how to configure the Checkpoint firewall so that internet net 2 can browse the Internet, and internet 1 and internet net 2 can browse each other.

Since the new segment is not attached directly to the firewall, I have no knowledge of how to configure the firewall at this time.
Question by:adrianmak
7 Comments
 
LVL 4

Accepted Solution

by:
jwalsh88 earned 200 total points
ID: 6155692
It will be no different; you will just have to make some new rules in the rule base.  If I were you, I would create a network object for each of your internal networks, 192.168.100.0 and 192.168.50.0, put them in a container called internal, and put them in wherever you currently have rules set up just for 192.168.100.0.  Also, make sure that the machine that Checkpoint is installed on has a route to 192.168.50.0 configured.  I am going to admit that this seems to be a simple problem.  Did you set up the firewall?

Here is an excellent resource for checkpoint:

http://www.phoneboy.com

If you want something more specific I can help you write the rule base but you will have to post your email address as I don't think it would be a good idea to be posting firewall policies on the internet.

Hope this helps
 
LVL 5

Expert Comment

by:Droby10
ID: 6156140
Looking at your diagram, the easiest way, short of defining the new network and creating a rule base for that network, would be to let the router perform NAT (translating the 192.168.50.1xx addresses to its other interface, 192.168.100.1)...

Then ensure that you have included that address in your network definition for the existing rules concerning that netblock.
 
LVL 11

Expert Comment

by:geoffryn
ID: 6156475
Why not just knock a bit off the subnet mask and expand the address space?  Is the router necessary?  Then all you would have to do is redefine the network object in the Checkpoint.
LVL 4

Expert Comment

by:jwalsh88
ID: 6156512
I really wondered why there is a router there.  I am not sure what purpose it is serving.
 

Author Comment

by:adrianmak
ID: 6158301
jwalsh88,

This is my email address: adrianmak@iname.com
Could you please give me some rules?

There is something I am not clear about.

First, on the existing localnet 1, all PCs have their default route pointing to the firewall, so if a PC wants to access a host on the new localnet 2, what is the routing? This is the point I do not quite understand.
 

Author Comment

by:adrianmak
ID: 6162109
The localnet 2 is actually another office located somewhere else; the two offices will be connected with a leased line. Localnet 2 will access the existing office intranet and will also access the Internet through the existing office.
 
LVL 11

Expert Comment

by:geoffryn
ID: 6164082
All you really need to do then is make sure that the router to the leased line has the correct routes, and add a route on the Checkpoint for localnet 2 that points to the router.  Define a network object in the Policy for localnet 2, and add that object to your outbound rules and anti-spoofing.
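
The routing and anti-spoofing steps discussed in this thread, modelled as a small added example (not posted by any participant and not Check Point configuration syntax): it shows where a packet from a net 1 PC to localnet 2 goes before and after the static route is added on the firewall, and why the localnet 2 object must be listed as valid behind the inside interface. Assumptions: /24 masks, the firewall inside address 192.168.100.254, the host 192.168.50.10 and the "isp" gateway label are hypothetical; the router address 192.168.100.1 is taken from the thread.

```python
import ipaddress

# Assumed addressing: /24 masks and the firewall's inside address are not on the page.
NET1 = ipaddress.ip_network("192.168.100.0/24")   # existing internal net 1
NET2 = ipaddress.ip_network("192.168.50.0/24")    # new localnet 2 behind the router
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER = "192.168.100.1"                          # router's interface on net 1
FIREWALL = "192.168.100.254"                      # hypothetical firewall inside address


def next_hop(table, dst):
    """Longest-prefix match; table maps network -> gateway ('direct' = on-link)."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def antispoof_ok(valid_nets, src):
    """A packet arriving on the inside interface passes only if its source
    belongs to a network defined as valid behind that interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in valid_nets)


# PC on net 1: only a default route, pointing at the firewall.
pc_net1 = {NET1: "direct", DEFAULT: FIREWALL}
# Firewall before the change: knows net 1 and its default route ("isp" is a placeholder).
fw_before = {NET1: "direct", DEFAULT: "isp"}
# Firewall after adding the static route for localnet 2 via the router.
fw_after = {**fw_before, NET2: ROUTER}


def path_net1_to_net2(fw_table, dst="192.168.50.10"):
    """Successive next hops for a packet from a net 1 PC to a localnet 2 host."""
    return [next_hop(pc_net1, dst), next_hop(fw_table, dst)]


if __name__ == "__main__":
    print("before route:", path_net1_to_net2(fw_before))
    print("after route: ", path_net1_to_net2(fw_after))
    print("anti-spoofing, net 1 only:", antispoof_ok([NET1], "192.168.50.10"))
    print("anti-spoofing, both nets: ", antispoof_ok([NET1, NET2], "192.168.50.10"))
```
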
Question has a verified solution.