Extending Subnet

[jsmwalker]

Hi,

Before I go much further I have only just started using Checkpoint, used to Cisco and various other firewalls, but struggling a little with this, basically we have our internal LAN set us 192.168.139.0 (255.255.255.0) However we are running short of IP's, so thought an easy answer would be to change subnet to 255.255.254.0 which should then cover 192.168.138.0 - 192.168.139.255, although the checkpoint accepts this, anything on the 192.168.138.0-255 range does not get any connection through the firewall.

Any ideas? We are running NGX R60

J

[BarryStiefel]

Quote:

Originally Posted by jsmwalker

Hi,

Before I go much further I have only just started using Checkpoint, used to Cisco and various other firewalls, but struggling a little with this, basically we have our internal LAN set us 192.168.139.0 (255.255.255.0) However we are running short of IP's, so thought an easy answer would be to change subnet to 255.255.254.0 which should then cover 192.168.138.0 - 192.168.139.255, although the checkpoint accepts this, anything on the 192.168.138.0-255 range does not get any connection through the firewall.

Any ideas? We are running NGX R60

J

Have you updated the topology on the object representing your Security Gateway after changing the underlying topology?

[chillyjim]

Also make sure you have updated the "inside network" object so that it is hiding the 192.168.138.0/23 network and not just the 192.168.139.0/24 network.

[jsmwalker]

Hi

Thanks for that, ok what I have changed is the subnet on the interface, and also the internal LAN network address, however I think you maybe onto something, when I go to get Topology on Interfaces it returns still 192.168.139.0 255.255.255.0 not 255.255.254.0, however I have no idea how to update this....

J

[abusharif]

Quote:

Originally Posted by jsmwalker

Hi

Thanks for that, ok what I have changed is the subnet on the interface, and also the internal LAN network address, however I think you maybe onto something, when I go to get Topology on Interfaces it returns still 192.168.139.0 255.255.255.0 not 255.255.254.0, however I have no idea how to update this....

J

Fetch topology/interfaces gather interfaces as they are configured in the OS.
Have you changed the subnet mask on the actual interface (network connection) in the operating system? If no, do that and it will fetch it correctly. If you already did that, then cpstop cpstart can sometimes solve this and then get topoligy/interface via smartdashboard again.

[jsmwalker]

Excellent, forgot there is an underlying OS, all done and working.

Cheers for that.

J