 | ||
 Add Subnet R61 splat | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-04-15 | |||
| |||
 Add Subnet R61 splat Hi, I have a splat r61 working perfect. all the IP's are real (no Nat),autonomous system. The dmz subnet is eth2 192.111.60.0 255.255.255.192 The lan subnet is eth1 192.111.61.0 255.255.255.0 The out subnet is eth0 192.111.60.64 255.255.255.240 My lan pool are almost out of ip addresses and i need more ip's for more workstation to add. the subnet have 192.111.61.0 255.255.255.0 which is 254ip's. I have one more class c in my pool (right now not in use) - 192.111.63.0 255.255.255.0 what and how to config the R61 splat to enable internet connection for a workstation in the lan that will have ip address from the new pool 192.111.63.0 255.255.255.0 ? all work station are connect to the same lan (no vlan or router). __________________ http://uploaded.fresh.co.il/2004/11/26/14216764.jpg  |
| 2007-04-15 | |||
| |||
| Re: Add Subnet R61 splat Routing 101 says you gotta have a gateway on that subnet in order to route that traffic. You can create vlan interfaces or sub interfaces with the appropriate IP addresses assigned. In your situation you might want to introduce NAT into the equation. |
| 2007-04-15 | |||
| |||
| Re: Add Subnet R61 splat Hi, do you mean that i have to add one more nic to the splat? __________________ http://uploaded.fresh.co.il/2004/11/26/14216764.jpg |
| 2007-04-16 | |||
| |||
| Re: Add Subnet R61 splat What do you mean "subnets are not contiguous" can you give example of contiguous subnets? is splat r61 support sub interface? __________________ http://uploaded.fresh.co.il/2004/11/26/14216764.jpg |
| 2007-04-16 | |||
| |||
| Re: Add Subnet R61 splat If you had 192.111.60.0/24 available you could "supernet" this one with the 192.111.61.0/24, by changing the netmask to be /23. So 192.111.60.0/23 (using net mask 255.255.254.0) would have 512 addresses, 510 of which usable. 62 and 63 could also be "superneted" together, etc SPLAT supports sub interface yes. |
| 2007-04-16 | |||
| |||
| Re: Add Subnet R61 splat I tried to add a different IP to the internal interface. befor adding the new ip run ifconfig -a eth0 192.111.60.69 255.255.255.240 etc... eth1 192.111.61.1 255.255.255.0 etc... eth2 192.111.60.1 255.255.255.192 etc... after add new ip to the internal interface run ip config -a eth0 192.111.60.69 255.255.255.240 etc... eth1 192.111.61.1 255.255.255.0 etc... eth1:0 192.111.63.1 255.255.255.0 etc... eth2 192.111.60.1 255.255.255.192 etc... after the ip was added to eth1:0 running the command fw ctl iflist 0 : eth0 1 : eth1 2 : eth2 now i need to configure the gateway interface topology in the dashboard. the eth1:0 (new interface) is not supported and not appear. how to configure the topology to work with the new subnet? __________________ http://uploaded.fresh.co.il/2004/11/26/14216764.jpg |
| 2007-04-18 | |||
| |||
| Re: Add Subnet R61 splat You have to use a group for this topo. 1) create a group for example name firewallname_eth1 2) create the network objects (if not present) for 192.111.61.0/24 and 192.111.63.0/24 3) put the network objects in the group 4) configure the antispoofing for eth1 to use this group If you have sk access: Solution ID: 55.0.4270321.2607685 - Setting up virtual interfaces on VPN-1/FireWall-1 sk27369: Adding virtual IP address on SecurePlatform interfaces as alternative for eth1:x use a small transfer network and a fast layer 3 switch build the group for the network objects and route with the switch |
| 2007-04-19 | |||
| |||
| Re: Add Subnet R61 splat Done. work perfect Thank you all __________________ http://uploaded.fresh.co.il/2004/11/26/14216764.jpg |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
