
checkpoint installation dilemma

May 7, 2002
Hello everyone,
Tek-Tips forums are awesome.
I am writing to you because I am in a quandary.
As an intern in NYC, I find myself having great difficulties installing Checkpoint 4.1 on the network here at work.
I began by installing Checkpoint on a machine with Windows 2000 Advanced Server with two NICs.
I obtained a routable IP from the firm's ISP.
I configured the top or first NIC with the external routable IP
and the second NIC with an internal IP address. I connected the ISP line (internet cable) to the top NIC with the external routable IP and a straight ethernet cable to a 3Com switch, which then connects to a bunch of hubs to the rest of the firm's network.
I created a network object, the firewall itself,
as well as one workstation. When I clicked on "get address" while creating these network objects, Checkpoint was able to get the correct IP addresses.
I created a simple policy: (source) firewall computer, destination (workstation), any, any, all, gateway. I installed the policy.
However, the workstation is not able to access the internet; I am not able to allow internet traffic to that workstation. Someone told me that by default Checkpoint blocks all traffic. Can anyone out there spare a few moments to help me get on the right track?
I know time is precious, especially in the IT field, so anyone's advice would be fantastic.
Good luck to everyone!!!
God Bless America!!!!
 
The best diagnostic tool you have is the firewall logs.
Also, using the built-in wizard is useful for building default rules (File - New).

The first test I would usually do is to configure the firewall machine (before installing FW-1) and see if it works as a gateway:
connect a machine to the internal port via crossover cable or hub,
run tracert to the external router (or a known device on the outside).

This tests the routing first.

Second, to test the connection from the firewall, set a rule:

Source      Destination   Service       Action   Track
Firewall    any           http          accept   log

Then see if you can access web servers from the firewall.

You will also need a rule for the workstation to access the internet:

Source        Destination   Service       Action   Track
Workstation   any           http, https   accept   log

Also make sure you have a stealth rule; it should be the 1st rule (this stops connections to your firewall):

Source      Destination   Service       Action   Track
any         firewall      any           drop

And a catch-all rule
(this is a rule so you can log all traffic that doesn't comply with any rules):

Source      Destination   Service       Action   Track
any         any           any           drop     log

All these rules will be created if you use the wizard.

If you need more help or explanations just post.
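As an added illustration (not code from this thread or from Check Point), the following Python evaluator walks a rulebase top-down with first-match semantics, the way FW-1 processes rules, so you can compare the original poster's single rule with the stealth / accept / catch-all order suggested in the reply above. All addresses and object names are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder addresses (not from the thread).
FW_EXTERNAL = "198.51.100.2"   # firewall's routable NIC
FW_INTERNAL = "10.0.0.1"       # firewall's internal NIC
WORKSTATION = "10.0.0.50"      # the single workstation object
INTERNET_HOST = "203.0.113.9"  # some web server on the outside

# Network objects as the poster defined them: the firewall itself and one workstation.
OBJECTS = {"firewall": {FW_EXTERNAL, FW_INTERNAL}, "workstation": {WORKSTATION}}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # "any" or an object name from OBJECTS
    dst: str
    services: frozenset   # {"any"} or service names such as "http"
    action: str           # "accept" or "drop"
    track: str            # "log" or "" (no logging)


def _match(selector: str, ip: str) -> bool:
    return selector == "any" or ip in OBJECTS[selector]


def evaluate(rulebase, src_ip, dst_ip, service):
    """First-match evaluation: return (rule name, action, logged?)."""
    for r in rulebase:
        if (_match(r.src, src_ip) and _match(r.dst, dst_ip)
                and ("any" in r.services or service in r.services)):
            return r.name, r.action, r.track == "log"
    # No rule matched: the packet is dropped without a log entry,
    # which is why the reply wants a logged catch-all as the last rule.
    return "implicit-drop", "drop", False


# The poster's single rule: firewall -> workstation, any service, accepted.
ORIGINAL = [Rule("fw-to-ws", "firewall", "workstation", frozenset({"any"}), "accept", "")]

# Rule order from the reply: stealth first, explicit accepts, catch-all last.
SUGGESTED = [
    Rule("stealth", "any", "firewall", frozenset({"any"}), "drop", ""),
    Rule("fw-out", "firewall", "any", frozenset({"http"}), "accept", "log"),
    Rule("ws-out", "workstation", "any", frozenset({"http", "https"}), "accept", "log"),
    Rule("cleanup", "any", "any", frozenset({"any"}), "drop", "log"),
]

if __name__ == "__main__":
    for rb_name, rb in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(rb_name, "workstation->web http:", evaluate(rb, WORKSTATION, INTERNET_HOST, "http"))
        print(rb_name, "outside->firewall telnet:", evaluate(rb, INTERNET_HOST, FW_EXTERNAL, "telnet"))
```

Run it and the "original" rulebase shows the workstation's web traffic never matching anything, while the "suggested" one accepts it on ws-out and drops unsolicited connections to the firewall on the stealth rule.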
 
Have you got internet connectivity from the firewall itself?

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 