CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 paolo.piombino, 2007-10-23
Minimal NAT config

Hi all,
I have a Checkpoint Firewall-1 NGX v60 15-day trial version installed on RHEL 3, but it does not work :((
The installation was successful, but I cannot configure the firewall at all.
Can anyone give me a simple example configuration?
Is it a problem with the trial version or not?

I made a config with 2 Ethernet interfaces:
LAN: 192.168.1.99
WAN: 1.1.1.1
and I will NAT all outbound traffic with the public IP address.
Thank you
Bye
Paolo
#2 mcnallym, 2007-10-23
Re: Minimal NAT config

Did you install a smartcenter and gateway on the box or just a gateway?
#3 paolo.piombino, 2007-10-24
Re: Minimal NAT config

both

thank you

Paolo
#4 mcnallym, 2007-10-24
Re: Minimal NAT config

There is a fully functional 15-day trial license, so it shouldn't be a problem.

Can you even log in to the Dashboard at all?

First rule should allow you access with ssh to the box

so

Src = Your PC
Dst = Firewall Object
Service = ssh
Action = Accept
Track = Log

Second Rule should prevent all other traffic to the firewall

Src = Any
Dst = Firewall Object
Service = Any
Action = Drop
Track = Log

Third Rule allow outbound

Src = Net192.168.1.0
Dst = Any
Service = Any
Action = Accept
Track = Blank

4th Rule

Src = Any
Dst = Any
Service = Any
Action = Accept
Track = Log


On the object for Net_192.168.1.x, go to the NAT tab and set it to hide behind the gateway.

This config will allow your specific PC access with ssh to the Red Hat Linux; if you want other services, just add the required ones to the services column.

It will prevent any other address making a remote connection to the firewall box.

It will allow the 192.168.1.x network access to the outside world natted behind the address of the firewall.

It will drop all other traffic and log the dropped packets.

This is about the most basic that you can get.
#5 MarioL, 2007-10-24
Re: Minimal NAT config

Typo on 4th rule, Action should be "Drop" ;)

And since you are testing, I'd log rule 3, so you see the traffic going out.
#6 paolo.piombino, 2007-10-24
Re: Minimal NAT config

Excuse me, but I am a newbie with Firewall-1 :-((

Under the "Security" tab I wrote the 1st rule:

N.1
NAME: BLANK
SOURCE: 192.168.1.112 (my IP address)
DESTINATION: WAN IP address of the Firewall-1
VPN: ANY TRAFFIC
SERVICE: TCP-ssh
ACTION: ACCEPT
TRACK: LOG
INSTALL ON: policy target
TIME: any

but I cannot connect with PuTTY to the firewall.
What is wrong?
Thanks

Paolo
#7 MarioL, 2007-10-25
Re: Minimal NAT config

Use the firewall object on that rule, no need to create a specific host for the external IP. Also, you are probably connecting internally, right?
Reply With Quote
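
Added example (not posted by anyone in this thread, and not Check Point code): a simplified first-match model of the rulebase from post #4, comparing rule 4 as posted with the correction in post #5, and the firewall object with a host object for the WAN IP as discussed in posts #6 and #7. It assumes the firewall object matches both interface addresses from post #1 and ignores implied rules and anti-spoofing; the function names and the outside addresses used with it are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): rules are checked top down, first match wins.
GATEWAY = {"192.168.1.99", "1.1.1.1"}   # firewall object: both interfaces from post #1
WAN_HOST = {"1.1.1.1"}                  # host object for the external IP only (post #6)
ADMIN_PC = {"192.168.1.112"}            # admin workstation from post #6
LAN = ipaddress.ip_network("192.168.1.0/24")
ANY = None

def matches(obj, value):
    """ANY matches everything, a network matches its members, a set its listed values."""
    if obj is ANY:
        return True
    if isinstance(obj, ipaddress.IPv4Network):
        return ipaddress.ip_address(value) in obj
    return value in obj

def evaluate(rulebase, src, dst, service):
    """Return (rule number, action) of the first rule that matches the connection."""
    for number, (r_src, r_dst, r_svc, action) in enumerate(rulebase, start=1):
        if matches(r_src, src) and matches(r_dst, dst) and matches(r_svc, service):
            return number, action
    return None, "Drop"  # nothing matched: treated as dropped in this model

def build(ssh_dst, cleanup_action):
    """The four rules from post #4, with rule 1's destination and rule 4's action variable."""
    return [
        (ADMIN_PC, ssh_dst, {"ssh"}, "Accept"),  # 1: admin ssh to the firewall
        (ANY, GATEWAY, ANY, "Drop"),             # 2: everything else to the firewall
        (LAN, ANY, ANY, "Accept"),               # 3: outbound from the LAN
        (ANY, ANY, ANY, cleanup_action),         # 4: last rule
    ]

def hide_nat(src, gateway_external="1.1.1.1"):
    """Hide NAT behind the gateway: LAN sources leave with the external address."""
    return gateway_external if ipaddress.ip_address(src) in LAN else src

if __name__ == "__main__":
    as_posted = build(GATEWAY, "Accept")   # rule 4 as written in post #4
    corrected = build(GATEWAY, "Drop")     # rule 4 after post #5
    host_rule = build(WAN_HOST, "Drop")    # rule 1 as described in post #6
    outside = ("203.0.113.7", "192.168.1.50", "telnet")  # constructed inbound sample
    print("rule 4 as posted:", evaluate(as_posted, *outside))
    print("rule 4 corrected:", evaluate(corrected, *outside))
    internal_ssh = ("192.168.1.112", "192.168.1.99", "ssh")
    print("ssh, host object:", evaluate(host_rule, *internal_ssh))
    print("ssh, firewall object:", evaluate(corrected, *internal_ssh))
```
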