Add a new internal net behind a firewall

Please take a look at the network diagram.

Currently, there are two segments behind the firewall: internal net 1 and the DMZ network.

Now our office is going to expand, so a new "Internal net 2" will be added, attached to the existing internal net 1; a router will be placed in between.

My question is how to configure the Check Point firewall so that internal net 2 can browse the Internet, and internal net 1 and internal net 2 can browse each other.

Since the new segment is not attached directly to the firewall, I have no idea how to configure the firewall at this time.
jwalsh88 Commented:
It will be no different; you will just have to make some new rules in the rule base.  If I were you, I would create a network object for each of your internal networks, put them in a container called "internal", and put that container wherever you currently have rules set up just for  Also, make sure that the machine that Checkpoint is installed on has a route to configured.  I am going to admit that this seems to be a simple problem.  Did you set up the firewall?

Here is an excellent resource for checkpoint:

If you want something more specific I can help you write the rule base but you will have to post your email address as I don't think it would be a good idea to be posting firewall policies on the internet.

Hope this helps
Looking at your diagram, the easiest way, short of defining the new network and creating a rule base for that network, would be to let the router perform NAT (translating the addresses to its other interface),

then ensure that you have included that address in your network definition for the existing rules concerning that netblock.
Why not just knock a bit off the subnet mask and expand the address space?  Is the router necessary?  Then all you would have to do is redefine the network object in the Checkpoint.

I really wondered why there is a router there.  I am not sure what purpose it is serving.
adrianmak (Author) Commented:
jwalsh88 ,

this is my email address,
Could you please give me some rules?

I have something that is not clear.

1st, on the existing localnet 1, all PCs have their default route pointing to the firewall, so if a PC wants to access a host on the new localnet 2, what is the routing? This is the point I don't quite understand.
adrianmak (Author) Commented:
The localnet 2 is actually another office located somewhere else; the two offices will be connected with a leased line. Localnet 2 will access the existing office intranet and will also access the Internet through the existing office.
All you really need to do then is make sure that the router to the leased line has the correct routes, and add a route on the Checkpoint for localnet 2 that points to the router.  Define a network object in the Policy for localnet 2, and add that object to your outbound rules and anti-spoofing.
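The three items in that last answer (a static route to localnet 2 via the router, a network object in the rule base, and the anti-spoofing topology on the internal interface) are easy to get only two-thirds right, and the failure modes differ. The model below is an added example written for this thread, not Check Point code or any participant's configuration: it simulates a simplified Check Point-style gateway (anti-spoofing check, then rule base, then routing) with constructed addresses (192.168.1.0/24 for localnet 1, 192.168.2.0/24 for localnet 2, 10.0.0.0/24 for the DMZ, 192.168.1.254 for the router's firewall-side interface, 203.0.113.1 for the ISP next hop; the thread gives no real prefixes). It shows that before the change, a packet from localnet 2 is dropped by anti-spoofing and a packet from localnet 1 to localnet 2 is sent out the Internet interface because the only matching route is the default, which is the routing question raised in the author's comment.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for this example; the original thread gives no prefixes.
LOCALNET1 = ipaddress.ip_network("192.168.1.0/24")   # existing internal net
LOCALNET2 = ipaddress.ip_network("192.168.2.0/24")   # new net behind the router
DMZ = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ROUTER_INSIDE_IP = "192.168.1.254"                   # router interface on localnet 1
ISP_NEXT_HOP = "203.0.113.1"


@dataclass
class Gateway:
    """Simplified model of a Check Point-style gateway: anti-spoofing, then rule base, then routing."""
    external_if: str
    topology: dict   # interface -> list of networks that legitimately sit behind it
    routes: list     # (network, next_hop, out_interface); longest prefix wins
    rules: list      # (src_networks, dst_networks, action); first match wins

    def antispoof_ok(self, src, in_iface):
        # Internal interfaces only accept sources listed in their topology; the external
        # interface accepts anything that is NOT claimed by an internal interface.
        src = ipaddress.ip_address(src)
        internal = {i: nets for i, nets in self.topology.items() if i != self.external_if}
        if in_iface == self.external_if:
            return not any(src in n for nets in internal.values() for n in nets)
        return any(src in n for n in internal[in_iface])

    def match_rule(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for srcs, dsts, action in self.rules:
            if any(s in n for n in srcs) and any(d in n for n in dsts):
                return action
        return "drop"  # implicit cleanup rule

    def route(self, dst):
        dst = ipaddress.ip_address(dst)
        best = None
        for net, nh, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh, iface)
        return None if best is None else (best[1], best[2])

    def forward(self, src, dst, in_iface):
        if not self.antispoof_ok(src, in_iface):
            return "drop:antispoofing"
        if self.match_rule(src, dst) != "accept":
            return "drop:rulebase"
        r = self.route(dst)
        if r is None:
            return "drop:noroute"
        return f"accept via {r[1]} next-hop {r[0]}"


def before_change():
    """Gateway as it stands: only localnet 1 and the DMZ are known."""
    return Gateway(
        external_if="eth0",
        topology={"eth0": [], "eth1": [LOCALNET1], "eth2": [DMZ]},
        routes=[(ANY, ISP_NEXT_HOP, "eth0"),
                (LOCALNET1, "connected", "eth1"),
                (DMZ, "connected", "eth2")],
        rules=[([LOCALNET1], [ANY], "accept")],
    )


def after_change():
    """Gateway with the three changes from the answer applied."""
    internal_group = [LOCALNET1, LOCALNET2]          # the "internal" container object
    return Gateway(
        external_if="eth0",
        topology={"eth0": [], "eth1": internal_group, "eth2": [DMZ]},  # anti-spoofing updated
        routes=[(ANY, ISP_NEXT_HOP, "eth0"),
                (LOCALNET1, "connected", "eth1"),
                (LOCALNET2, ROUTER_INSIDE_IP, "eth1"),    # static route to localnet 2 via router
                (DMZ, "connected", "eth2")],
        rules=[(internal_group, [ANY], "accept")],        # group used in the outbound rule
    )


if __name__ == "__main__":
    for label, gw in (("before", before_change()), ("after", after_change())):
        print(label, "localnet2->Internet:", gw.forward("192.168.2.10", "198.51.100.5", "eth1"))
        print(label, "localnet1->localnet2:", gw.forward("192.168.1.10", "192.168.2.10", "eth1"))
        print(label, "DMZ->localnet2:", gw.forward("10.0.0.5", "192.168.2.10", "eth2"))
```

Two points the output makes visible: the static route and the anti-spoofing entry are independent, so a gateway with the route but without the topology update still drops every packet from localnet 2 on arrival, and a localnet 1 to localnet 2 packet that reaches the firewall (because the PCs' default route points there) is only turned back toward the router once the specific route exists. The DMZ stays unable to reach localnet 2 because the rule base only grants the internal group, which is the scoping the answer's container object is meant to give.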