| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Hi. I've worked in IT for over 12 years now so have a reasonable understanding of things, however configuring a Checkpoint firewall is quite new to me. At home, I've got a Check Point Safe@office 200, and use a BT Home Hub with the BT Broadband service. I'm trying to do 2 things, in steps: 1. Connect to the firewall using https from the internet 2. Configure remote access. I can't even get step 1 to work :( I have gone into the settings of the home hub, via game and application sharing, and set "HTTPS Server" to point to the IP Address of the Checkpoint firewall (i.e. 192.168.10.1). This address works internally if I go to http://192.168.10.1 I have configured the Checkpoint 200, under setup > management, to accept https connections from anywhere. Yet when I go to https://<BT HOME HUB IP> I get "The page can not be found" and "Cannot find server or DNS Error". Any ideas? Thanks, Simon. |
| |||
| Hi. Well I looked at the ports that were being forwarded by the https server setting. They were 443. So I added a new application on the BT Home hub, named it SK CP HTTPS and forwarded 981 and got it to forward to 192.168.10.1 Same error again. |
| |||
| hmm, you were trying to reach the box from outside via https://ip.of.your.bt:981 ? __________________ misery is optional |
| |||
| That's the idea. I (perhaps mistakenly!) believe that once I can access the hub via https from anywhere, I'll be well on the way to configuring file sharing! Https seems to use port 443. It does say in the checkpoint guide that it is possible. I really appreciate your help - BT have totally ignored me. Simon. |
| |||
| To clarify: if I log onto the BT hub, it shows its IP address as an 82.x.y.z address. At the moment it's not a static IP address. Obviously, internally my address is 192.168.a.b, hence the requirement of the BT Hub doing its routing bits. I should be able to log on to https://82.x.y.z ??? |
| |||
| no prob, you're welcome! To be honest I did not quite understand your last question. If you have the forwarding set up properly you'll access the box via the public address of the bt, e.g. if you have current address 86.45.67.89 you would have to enter https://86.45.67.89:981 to get to the box __________________ misery is optional |
| |||
| yeah. that's what i thought should happen. But doesn't. I've only done 2 things - enable https on the checkpoint 200 and forward https from the hub to the checkpoint IP address. Oh, and tried it :( |
| |||
| you still have tcp 981 forwarded? do you see the requests to the box in the log of the box? It looks like you're not far away from getting it working. I set up several scenarios, always worked immediately __________________ misery is optional |
| |||
| yup, i have both 981 and 443 forwarded to 192.168.10.1 I had to set 981 up as an application manually which seemed odd. maybe some firewall settings need unsetting on the bt hub? |
| |||
| I always disable fw settings on devices that are in front of the box, just use it as a basic router and let the box do the fw job, and try it again. *edit* looks like you did everything well, strange thing. do you also see the incoming request on the cp box? I'm out for today, later... __________________ misery is optional Last edited by Porter; 2006-09-24 at 14:59. |
| |||
| Hi / morning / evening. Well, I've disabled the FW earlier and it made no difference. One thing that does spring to mind, not sure if it is of any relevance but: 1. The hub has an IP address of 83.x.y.z from BT 2. The hub's DHCP server and out-of-the-box network address is 192.168.0.x 3. The Checkpoint FW is on 192.168.10.1 Can't see it being a problem, as I can surf the web and send email etc. Thanks again! Interestingly, the logs say that the hub IS forwarding connections. Most odd. Simon. |
| |||
| Hi! I think we found it, I read the older posts from yesterday again, you have to forward to the wan interface of the box, not to the lan ip. So, check what ip the CP gets from BT and forward the remote mgmt ports (tcp 981) to that ip __________________ misery is optional |
| |||
| That's what I (think) I am already doing - I log on to the BT hub, forward https to 192.168.10.1 which is the internal address I use to manage the Checkpoint Firewall. Incidentally, both the BT Hub & CPFW are doing DHCP. The BT Hub does it on 192.168.0.x and the CPFW does it on 192.168.10.x Not sure if this is a) relevant or b) good Thanks for your continued help! Simon. |
| |||
| you're welcome! you have the wanport of the CP connected to the lanport of the BT, right? So if the network between BT and CP is 192.168.0.0 and if the wanport of the cp box gets 192.168.0.10 from the DHCP, you would have to forward to that address, then you should have access. Let me know your results ;-) __________________ misery is optional Last edited by Porter; 2006-09-25 at 12:32. |
| |||
| OK. I think I may have sorted it. No idea why, but the address of the Checkpoint firewall is 192.168.1.64, and that's the address it needs, not the one I use to connect to it. I will try it from work and let you know how I get on ... Thanks again, Simon. |
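
The fix the thread arrives at, as an added example that is not part of the original posts: a small audit of the outer router's port forwards that flags any rule pointing at an address behind the inner firewall instead of at its WAN-side address. The hub-side subnet 192.168.1.0/24 is assumed from the address in the final post, the /24 masks are assumptions, and `audit_forwards` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample values. Addresses come from the thread; the /24
# prefix lengths are assumptions, since the posts give no netmasks.
HUB_LAN = "192.168.1.0/24"    # outer router's LAN (firewall WAN port sits here)
FW_WAN_IP = "192.168.1.64"    # address the firewall's WAN port received
FW_LAN = "192.168.10.0/24"    # network behind the firewall
RULES = [(443, "192.168.10.1"), (981, "192.168.10.1"), (981, "192.168.1.64")]


def audit_forwards(hub_lan, fw_wan_ip, fw_lan, rules):
    """Classify each (port, target) forward configured on the outer router.

    Returns a list of (port, target, verdict) tuples.
    """
    hub_net = ipaddress.ip_network(hub_lan)
    inner_net = ipaddress.ip_network(fw_lan)
    wan = ipaddress.ip_address(fw_wan_ip)
    if wan not in hub_net:
        raise ValueError("firewall WAN address is not on the outer router's LAN")

    results = []
    for port, target in rules:
        addr = ipaddress.ip_address(target)
        if addr == wan:
            # The outer router can deliver directly to the firewall's WAN port.
            verdict = "ok"
        elif addr in inner_net:
            # The outer router has no interface on this subnet, so the
            # forwarded packet never reaches the firewall.
            verdict = "behind-inner-nat: forward to %s instead" % wan
        elif addr in hub_net:
            # Reachable, but it is some other host, not the firewall.
            verdict = "on-link-other-host"
        else:
            verdict = "off-link"
        results.append((port, target, verdict))
    return results


if __name__ == "__main__":
    for port, target, verdict in audit_forwards(HUB_LAN, FW_WAN_IP, FW_LAN, RULES):
        print("tcp/%d -> %s: %s" % (port, target, verdict))
```
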