Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
0
Helpful
2
Replies

Mixture of PIX and Checkpoint firewall

s-ariga
Level 1
Level 1

‎02-05-2002 12:40 AM - edited ‎02-20-2020 09:58 PM

Dear ALL,

I have a PIX 515 F/W with one interface connected to the Internet and other to the inside network(172.16.0.0).Things are working fine.

Now I want to put a Database server which would be on a different network (10.1.10.0) and would be protected by a checkpoint firewall.

I have configured the checkpoint firewall on NT 4 with 2 interface one connected to our internal network(172.16.0.0) and one to network with the database server(10.1.10.0).I have setup the policy on the checkpoint firewall .The 172.16.0.0 segment users are able to acces the dbase server in 10.1.10.0 segment.

I want people from the internet to cnnectto the DB server .Can anyone explain what needs to be done the PIX 515 and the checkpoint to get this going.

thanks

SP

0 Helpful
2 Replies 2

rrbleeker
Level 1
Level 1

‎02-07-2002 08:20 AM

You have to setup the following on the PIX firewall:

- Setup a static route for the 10.1.10.0 network pointing to the CP firewall.

- Setup a static translation

- Modify your inbound access list to allow traffic to the DB server

0 Helpful

s-ariga
Level 1
Level 1
In response to rrbleeker

‎02-15-2002 09:32 PM

Thank you very much .It worked by doing what you said.

now the Routing table is as follows in my pix:

outside 0.0.0.0 0.0.0.0 x.x.x.x 2 OTHER static

inside 10.1.1.0 255.255.255.0 172.16.10.10 1 OTHER static

inside 172.16.0.0 255.255.0.0 172.16.0.1 1 CONNECT static

inside 172.16.10.0 255.255.255.0 172.16.10.10 1 OTHER static

outside x.x.x.x 255.255.255.x x.x.x.x 1 CONNECT static

I had to add "inside 172.16.10.0 255.255.255.0 172.16.10.10 1 OTHER static " to get the routing to work properly, though I fail to understand why this line is required.

Below is the interface details of PIX and checkpoint FW.

Also The users in the 172.16.0.0 segment are not able to speak to 10.1.1.0 255.255.255.0 segment until I put a static route to 10.1.1.0 segment in each PC ,this despite the fact that the PIX has a static entry to 10.1.1.0 segment and the default g/w of all the nodes in 172.16.0.0 segment is pix inside interace ie 172.16.0.1.Please this exlain this as well.

pix inside=172.16.0.0 255.255.0.0

PIx outisde=213.x.x.x x.x.x.x

checkpoint outside=172.16.10.10 255.255.0.0

checkpoint inside=10.1.1.1 255.255.255.0

Hope I have explained my problem properly which would be understood by someone I guess.

Thks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card