using external IP

[miketree]

I'm new to checkpoint, so please be gentle :)

I have inherited a network using checkpoint firewalls.

currently all the servers behind the firewall are on local IPs and use NAT.

Is it possible to implement a server behind the firewall so that it uses the external IP address?

If so, could you point me in the right direction. I'm quite capable of reading a manual once I've worked out what I'm looking for.

[kerbros]

Couple pre-reqs
1. Do you have access at least one public IP aside from firewall external interface?
2. If you do you need to read up on NAT
-what your describing is called "Static Nat'ing"

i.e [internal LAN or DMZ ip] x.x.x.x = [public IP] 131.107.1.1
-just for grins I used a Microsoft IP :)

[miketree]

Not sure that is what I want. With static nat, the server still has an IP with an internal address that maps to a different public address, doesn't it?

I want to use the public address on the server.

[kerbros]

Well it depends, what are you trying to do?

[miketree]

I want to host a server for someone else behind our firewall, but give the server it's actual public IP, rather than one of our internal subnet IPs

[Scorpio]

I'm not sure if I understand exactly what you are trying to do, but there are a number of ways to accomplish something like this. If you want the hosted server to have a PHYSICAL public IP, then you would have to split the external IP subnet (or obtain a new IP range from your ISP) and create a DMZ on your firewall with that range. You would then move the server to that DMZ and give it an IP within the public range. This removes the need for NAT completely.

If you just want it to be publicly accessible but have it remain on your internal private LAN, you would have to use static NAT.