Checkpoint NAT Configuration

Configure the firewall in the SMP

  • Once the firewall is connected to the service center, it will automatically download and install the newest firmware. Note that the firewall will reboot itself shortly after you put it online so that it can load the new firmware.
  • The gateway ID should now be searchable in the SMP. ALL configuration is now done through centralized management. Search for the gateway and, once found, click its name to edit it.
  • Assign an IP address to the inside interface of the firewall: click the Network tab and check the 'Internal Networks' box at the top left. Then edit the LAN side by clicking 'LAN'. Hide NAT and DHCP server should both be disabled.
  • To add the static NAT entries, click Edit on the gateway and select the 'Security' tab.
  • Uncheck the "From Plan" checkbox on the right. (Note: this will remove the rule from the plan that allows us access to the firewall from our datacenter, as it is no longer needed.)
  • Near the bottom, click the 'Add' button for Network Objects.
  • Here you can define the static NAT mappings for each IP address that belongs on the server.
  • Now you can set up the rules for the firewall above by clicking New for Local Security Policies.
  • Create three initial administrative allow rules. Create a new rule accepting ANY traffic from each of the WAN ranges below to ANY LAN host:
70.84.160.0-70.84.160.255
12.96.160.0-12.96.160.255
67.19.0.0-67.19.0.255

Don't forget to click Save on each respective page. When you are done configuring the firewall through the SMP, click on the Status tab and then hit the 'Force Update' button, or your changes will not be immediately pushed to the firewall.
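
A pre-flight check for the static NAT mappings and the three administrative ranges before they are entered in the SMP. This is an added example, not part of the original procedure or any Check Point tooling. The LAN subnet, the sample mappings and the function names are assumptions made for illustration; the three WAN ranges are the ones listed above.

```python
import ipaddress

# Administrative WAN ranges exactly as listed in the procedure above.
ADMIN_RANGES = [
    ("70.84.160.0", "70.84.160.255"),
    ("12.96.160.0", "12.96.160.255"),
    ("67.19.0.0", "67.19.0.255"),
]

def admin_networks():
    """Collapse each inclusive start-end range into its minimal CIDR blocks."""
    nets = []
    for start, end in ADMIN_RANGES:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return nets

def is_admin_source(ip):
    """True if ip would match one of the administrative allow rules."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in admin_networks())

def check_static_nat(mappings, lan_cidr):
    """Return problems in a planned list of (external_ip, internal_ip) pairs."""
    lan = ipaddress.ip_network(lan_cidr)
    problems, seen_ext, seen_int = [], set(), set()
    for ext, inside in mappings:
        ext_ip, in_ip = ipaddress.ip_address(ext), ipaddress.ip_address(inside)
        if ext_ip in seen_ext:
            problems.append(f"{ext}: external address used by more than one mapping")
        if in_ip in seen_int:
            problems.append(f"{inside}: internal host mapped more than once")
        if in_ip not in lan:
            problems.append(f"{inside}: not inside LAN {lan}")
        seen_ext.add(ext_ip)
        seen_int.add(in_ip)
    return problems

# Constructed sample plan (documentation addresses, hypothetical LAN subnet).
SAMPLE_LAN = "192.168.10.0/24"
SAMPLE_PLAN = [
    ("203.0.113.10", "192.168.10.10"),
    ("203.0.113.11", "192.168.10.11"),
    ("203.0.113.10", "192.168.10.12"),  # duplicate external address
    ("203.0.113.12", "10.0.0.5"),       # internal host outside the LAN
]

if __name__ == "__main__":
    print([str(n) for n in admin_networks()])
    for problem in check_static_nat(SAMPLE_PLAN, SAMPLE_LAN):
        print("PROBLEM:", problem)
```

Because Hide NAT is disabled, each static mapping is the only path to its host, so a duplicate or out-of-subnet entry leaves a server unreachable or exposes the wrong one.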

Deployment

Deploy the firewall and remotely configure it for centralized management.

  • Deploy the firewall and then navigate to http://<external firewall IP>/ and log in.
  • Click on Services and then 'Connect' next to Connect to a Service Center.
  • Specify checkpoint-smp.dllstx2.theplanet.com as the Service Center, click Next.
  • Enter the corresponding Gateway ID, as well as the registration key from the SMP for the gateway.
  • Click Finish, and then Done.