CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

  #1 (permalink)  
Old 2007-10-18
Junior Member
 
Join Date: 2007-09-27
Posts: 18
Rep Power: 0
BirdDog has an average reputation (10+)
Adding new subnet behind Inside LAN - Address Spoofing

Hello Folks,

This should be pretty easy but I'm a bit rusty.

I have a Nokia FW, 190 with 3 Interfaces. Inside, DMZ and Outside. Currently each only has one subnet and everything is working fine.

The Inside interface obviously plugs into a switch. The Inside LAN segment is 192.168.10.0. I am adding/configuring inter-VLAN Layer 3 switching on my switch. I want to also add a new subnet behind the switch.

Inside subnet = 192.168.10.0 / New subnet = 10.10.0.0. Topology is set for Inside at 192.168.10.0. I create the new VLAN on my switch.
Host DG = Switch for specific VLAN ID. Switch DG = FW. 0.0.0.0/24 next hop = 192.168.10.1

The 10 net hosts can ping the 192.168.10.0 net and vice versa. 192 net can go out to the Internet.

But the 10 net cannot go out of the FW...getting address spoofing. Where do I add/configure that subnet as an internal LAN or let the FW know about it?

Where do I configure the address spoofing for the new subnet? I will be adding more, so this is the test.

Also, I will need to add a route on the Nokia for Source = outside Dst = Inside for the new subnets, right? As I have 3 site-site VPNs.

thanks...BirdDog

Last edited by BirdDog; 2007-10-18 at 15:23.
  #2 (permalink)  
Old 2007-10-18
Senior Member
 
Join Date: 2007-02-07
Location: Halle (Saale)
Posts: 255
Rep Power: 2
dantro has an average reputation (10+)
Re: Adding new subnet behind Inside LAN - Address Spoofing

Too much information. Just go into the topology overview of the related Check Point object. Select the interface behind which these other networks are located. Click on Edit. Select the second tab. Select internal interface and the network group that also contains your old as well as your new networks. Install policy.
  #3 (permalink)  
Old 2007-10-19
Senior Member
 
Join Date: 2007-06-04
Posts: 1,070
Rep Power: 3
mcnallym has an average reputation (10+)
Re: Adding new subnet behind Inside LAN - Address Spoofing

For routing you just need to add static routes that point to the new internal subnets, and use the switch as the gateway address.

Once that is done, you can either just create a group and place the internal networks in that group, and then under topology for the internal interface set it to be specific and specify the group.

Alternatively you can just do a get interfaces with topology on the gateway object after adding the routes and it will automatically create the topology config based on the routing table.
Reply With Quote
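A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from any poster or from Check Point's code: it derives per-interface topology from a routing table and applies an anti-spoofing check, showing why the 10 net is dropped until the gateway has a route and topology entry for it. The interface names, the /24 masks, the DMZ and outside addressing and the switch address 192.168.10.2 are assumptions.

```python
import ipaddress

# Constructed routing table for the gateway in the thread. The /24 masks, the
# DMZ and outside addressing and the switch address 192.168.10.2 are assumed.
ROUTES_BEFORE = [
    ("192.168.10.0/24", "inside", None),       # directly connected
    ("172.16.1.0/24", "dmz", None),
    ("203.0.113.0/24", "outside", None),
    ("0.0.0.0/0", "outside", "203.0.113.1"),   # default route
]
# Static route for the new subnet, next hop = the Layer 3 switch.
ROUTES_AFTER = ROUTES_BEFORE + [("10.10.0.0/24", "inside", "192.168.10.2")]


def topology_from_routes(routes):
    """Return ({interface: [networks behind it]}, {external interfaces})."""
    topo, external = {}, set()
    for dest, iface, _next_hop in routes:
        net = ipaddress.ip_network(dest)
        if net.prefixlen == 0:
            external.add(iface)      # interface leading to the default route
        else:
            topo.setdefault(iface, []).append(net)
    return topo, external


def antispoof_ok(src, iface, routes):
    """True if a packet with source `src` is acceptable arriving on `iface`."""
    topo, external = topology_from_routes(routes)
    addr = ipaddress.ip_address(src)
    if iface in external:
        # External side: reject sources that belong behind an internal interface.
        return not any(addr in net for i, nets in topo.items()
                       if i not in external for net in nets)
    # Internal side: source must be in a network defined behind this interface.
    return any(addr in net for net in topo.get(iface, []))


def check(routes):
    """Verdicts: 10-net host on inside, 192-net host on inside, 10-net source on outside."""
    return (antispoof_ok("10.10.0.5", "inside", routes),
            antispoof_ok("192.168.10.20", "inside", routes),
            antispoof_ok("10.10.0.5", "outside", routes))


if __name__ == "__main__":
    print("before:", check(ROUTES_BEFORE))
    print("after: ", check(ROUTES_AFTER))
```

In this model, adding the new subnet to the inside topology also makes the outside interface reject packets claiming a 10.10.0.x source, which is the protection the topology setting provides.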