CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: AWS Checkpoint with DMZ

  1. #1
    Join Date
    2016-11-09
    Posts
    7
    Rep Power
    0

    Default AWS Checkpoint with DMZ

    Hi,

    I've been using https://supportcenter.checkpoint.com...ionid=sk104418 as a reference for standing up Checkpoint in Amazon Web Services. However; it doesn't seem to have instructions for setting up a DMZ in AWS.

    If you assign an Elastic IP to an AWS web server,AWS sends all traffic straight to that web server bypassing Checkpoint. Route Tables will not allow you to send the traffic to Checkpoint first.

    I could have multiple private IP addresses on the external interface, with a corresponding EIP for each one, but then I have to start building VLANs, which I will be trying next.

    Has anyone done a DMZin AWS, and how did you do it?

    THX,
    Pete

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: AWS Checkpoint with DMZ

    The Elastic IPs have to be assigned to the Check Point instance, not the individual web server instances.
    The IPs will be associated with private addresses that are NOT configured in Gaia OS.
    NAT rules will be configured for these private addresses to the specific instances.

    This is covered in the Getting Started Guide for AWS: http://downloads.checkpoint.com/dc/d...d.htm?ID=45816
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2016-11-09
    Posts
    7
    Rep Power
    0

    Default Re: AWS Checkpoint with DMZ

    That worked fine. It was a little weird juggling two private IP addresses and one public instead of one of each.

    Thank you.

Similar Threads

  1. Checkpoint to checkpoint VPN and management server
    By carl_t in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 6
    Last Post: 2016-03-16, 08:14
  2. How to backup checkpoint through CLI in Nokia IP330 + Checkpoint NG FP1
    By stuart in forum Check Point Backup Procedures
    Replies: 0
    Last Post: 2007-04-05, 05:47
  3. Checkpoint to non-Checkpoint Config needed
    By lowfell in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2007-03-27, 12:25

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •