Changing Checkpoint's Subnet!?!
Hello Experts
I need to reconfigure checkpoint onto a separate subnet (hidden from main LAN).
We currently operate a flat network, for this example 192.168.0.0/255.255.0.0. The IP of the firewall is currently 192.168.5.11/255.255.0.0. Our default gateway configuration is rubbish, single interface doing stick routing (traffic in/out on same interface).
Client (192.168.10.10/255.255.0.0
I need to change the default gateway to use two interfaces and checkpoint will be on the external side of the new default gateway config (with a new subnet)
Client (192.168.10.10/255.255.0.0
I've written the routing table for a dual interface gateway correctly. Tested these rules on a DSL router (connected to external interface on gateway) and they worked. When I changed the subnet on checkpoint we lost all external connectivity. Main error messages seen in checkpoint was :-
Information: message_info: Dropped packet forwarded between two external interfaces
The step taken in checkpoint was
1. Change Physical Adapter IP information
2. Change Gateway IP information in Dashboard (VPN Communities)
3. Added 192.168.5.0 Network to Checkpoint.
4. Update Dashboard Topography to indicate 192.168.0.0 Network was behind 192.168.5.0 Network (VPN Communities)
So what did I miss, NAT perhaps??? Anyone know the logical steps to go through to change checkpoint's subnet....
MIS
I need to reconfigure checkpoint onto a separate subnet (hidden from main LAN).
We currently operate a flat network, for this example 192.168.0.0/255.255.0.0. The IP of the firewall is currently 192.168.5.11/255.255.0.0. Our default gateway configuration is rubbish, single interface doing stick routing (traffic in/out on same interface).
Client (192.168.10.10/255.255.0.0
I need to change the default gateway to use two interfaces and checkpoint will be on the external side of the new default gateway config (with a new subnet)
Client (192.168.10.10/255.255.0.0
I've written the routing table for a dual interface gateway correctly. Tested these rules on a DSL router (connected to external interface on gateway) and they worked. When I changed the subnet on checkpoint we lost all external connectivity. Main error messages seen in checkpoint was :-
Information: message_info: Dropped packet forwarded between two external interfaces
The step taken in checkpoint was
1. Change Physical Adapter IP information
2. Change Gateway IP information in Dashboard (VPN Communities)
3. Added 192.168.5.0 Network to Checkpoint.
4. Update Dashboard Topography to indicate 192.168.0.0 Network was behind 192.168.5.0 Network (VPN Communities)
So what did I miss, NAT perhaps??? Anyone know the logical steps to go through to change checkpoint's subnet....
MIS
in the topology--Ip spoofing .. window, change the topology of one of the interfaces to internal ...i suppose both interfaces will be set to external at present. it should work after that
ASKER
Hi
I've already tried our setup with IP spoofing disabled. NO joy. Sorry forgot to add that to my inital request 8(
MIS
I've already tried our setup with IP spoofing disabled. NO joy. Sorry forgot to add that to my inital request 8(
MIS
ASKER
Figured this out
The firewall external "192.168.5.11/255.255.255.
Default gateway would get confused about routing ;)
Fixed use different network range for external interface.
The firewall external "192.168.5.11/255.255.255.
Default gateway would get confused about routing ;)
Fixed use different network range for external interface.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
thnx
Cj