Checkpoint Static Route


fitz

May 9, 2006, 10:45:24 PM
to Checkpoint FW-1/VPN
Greetings,
I am trying to set up a static route on a Checkpoint firewall NG R55.

Scenario:
Internal LAN 172.16.0.0/21
fw (def gateway) 172.16.2.1
rtr to new off 172.16.7.254

rtr AT new off 172.18.7.254
new office LAN 172.18.0.0/21


I have added the static route in the Nokia Voyager of the firewall.

Within Checkpoint I have:
created a network 172.18.0.0/21
created a rule to allow all traffic bi-directional between
172.16.0.0/21 and 172.18.0.0/21

At a workstation on the 172.16 LAN I try to ping 172.18.7.254 (router
on the 172.18 LAN)

The packets are dropped by the firewall with a message in the FW log
"Address Spoofing"

If I set the static route on the local workstation everything is fine
as it bypasses the firewall.

Any ideas as to what else I need to do?

Thanks much!
-fitz

Eddie Espino

May 17, 2006, 1:45:05 AM
to Checkpoint FW-1/VPN
Within SmartDashboard, under checkpoint nodes, edit your firewall object and
go to topology. Within the properties of your internal adapter, go to
the topology tab and define the networks behind that interface. Any
network that is behind a FW1 interface needs to be defined here. Make a
group called something like Grp_Behind_Eth1 and add all of your
internal networks to that group. Then go put that group in the
interface topology tab. Push policy!

hth

-Eddie Espino.
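
As an added illustration of the reply above (not part of the thread and not Check Point code), this Python sketch models anti-spoofing as a source-address check against the networks defined behind an interface, and audits static routes for destinations missing from that topology. The interface name `eth1`, the data layout and the function names are assumptions; the addresses are the ones from the question.

```python
import ipaddress as ip

# Constructed inputs based on the addresses in the thread; "eth1" and the
# data layout are assumptions for illustration, not Check Point structures.
INTERFACES = {"eth1": ip.ip_interface("172.16.2.1/21")}
STATIC_ROUTES = [(ip.ip_network("172.18.0.0/21"), ip.ip_address("172.16.7.254"))]
TOPOLOGY_BEFORE = {"eth1": [ip.ip_network("172.16.0.0/21")]}
TOPOLOGY_AFTER = {"eth1": [ip.ip_network("172.16.0.0/21"),
                           ip.ip_network("172.18.0.0/21")]}


def egress_interface(next_hop):
    """Return the interface whose connected subnet contains the next hop."""
    for name, iface in INTERFACES.items():
        if next_hop in iface.network:
            return name
    return None


def is_spoofed(topology, iface, src):
    """Simplified model: a source arriving on iface must be inside a network
    defined behind that interface, otherwise it is treated as spoofed."""
    src = ip.ip_address(src)
    return not any(src in net for net in topology.get(iface, []))


def topology_gaps(topology):
    """List (interface, network) pairs that are routed via an interface but
    not covered by the networks defined behind it."""
    gaps = []
    for dest, next_hop in STATIC_ROUTES:
        iface = egress_interface(next_hop)
        if iface is None:
            continue  # next hop is not on any connected subnet in this model
        covered = any(dest.subnet_of(net) for net in topology.get(iface, []))
        if not covered:
            gaps.append((iface, str(dest)))
    return gaps


if __name__ == "__main__":
    for label, topo in (("before", TOPOLOGY_BEFORE), ("after", TOPOLOGY_AFTER)):
        print(label, "gaps:", topology_gaps(topo),
              "| 172.18.7.254 on eth1 spoofed:",
              is_spoofed(topo, "eth1", "172.18.7.254"))
```

Running the same audit whenever a static route is added shows which interface group needs the new network before policy is pushed.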
