Solved

Two external interfaces with UTM-1 NGX R65

Posted on 2011-02-15
1
1,229 Views
Last Modified: 2013-11-16
I have two Checkpoint UTM-1 270s running NGX R65 in a HA cluster.  I have the several VLAN interfaces on the external interface and one non-VLAN (our default route ISP).  Routing to and from the private VLANs works fine, but I have just connected a new ISP via a VLAN on the external interface.  The connection from the ISP is up and I can PING the interface and it's gateway from the appliance, but all incoming traffic, from the internet, is dropped due to 'Address spoofing'.  I have created an object for the interface and put in a rule to allow incoming ICMP traffic, but the firewall still drops it due to spoofing.

I understand why this is happening, as the checkpoint is only expecting internet traffic to come from the interface with the default route.  But, I need the new ISP connection to allow incoming traffic, as it will be NATting traffic to a web site and other services.   Since I can't add the entire Internet to the topology of the this interface, I am at a loss here.  How do I make this happen?

This interface does not need to allow internally initiated outbound traffic (but that would be nice too.)

David Griswold

0
Comment
Question by:david_griswold
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
david_griswold earned 0 total points
ID: 34901430
Never mind.  I forgot to specify in the firewall Topology that this was an external interface.  I assumed, incorrectly, that if I associated the VLAN with the external interface when I created it, it would default to being external.  Guess not.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question