
I have a server with address 80.39.X.X that I want to give access to another server range in my network: 10.1.16.0/24.

They are both in my network, behind a Checkpoint firewall.

When I try to reach this server from one of the others, I get a drop on a rule in the firewall that we have set that states:

Any Source, to any destination, any traffic on any service will be dropped. 

This is a rule we have to have, since this is for a costumer.

What I'm not sure about is what rule I should set above this rule to give the servers with 10.1.16.0/24 access to my 80.39.X.X server.

dawud
h_k_8_6
  • 1
    I didn't know that costumers need special rules. Is this the same for milliners and haberdashers? – Tom O'Connor Aug 15 '13 at 09:59
  • 1
    Umm... how about 10.1.16.0/24 to 80.39.x.x ANY traffic ALLOW? I mean seriously, do you have any clue as to how to create a firewall rule and what type of rule you need to create? – joeqwerty Aug 15 '13 at 13:41

1 Answer


Check Point firewall rules are matched sequentially, in order (as in most firewalls). If you put any rule after

Any Source, to any destination, any traffic on any service will be dropped.

the rule will not apply. In fact, during policy verification, the management server will show you an error message that the added rule is hidden by the any drop rule.

You have to add the following rule before the any drop rule:

source: 80.39.x.x; destination: 10.1.16.0/24; service: any; action: allow

Of course you can make the destination range smaller as needed and the services can be limited as needed.
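
A simplified model of the first-match ordering and hidden-rule check described above, added here as an illustration; it is not the poster's code and not Check Point's implementation. Assumptions: `203.0.113.10` is a constructed stand-in for the elided 80.39.X.X address, the allow rule uses the direction the question asks for (10.1.16.0/24 as source), and all function and rule names are hypothetical.

```python
from ipaddress import ip_address, ip_network

ANY_NET = ip_network("0.0.0.0/0")
SERVER = ip_network("203.0.113.10/32")   # constructed stand-in for the elided 80.39.X.X host
CLIENTS = ip_network("10.1.16.0/24")

# A rule is (name, source net, destination net, service or None for "any", action).
ALLOW = ("allow-clients", CLIENTS, SERVER, None, "accept")
CLEANUP = ("any-drop", ANY_NET, ANY_NET, None, "drop")


def covers(outer, inner):
    """True if every packet matched by rule `inner` is also matched by `outer`."""
    _, o_src, o_dst, o_svc, _ = outer
    _, i_src, i_dst, i_svc, _ = inner
    return (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)
            and (o_svc is None or o_svc == i_svc))


def decide(rulebase, src, dst, service):
    """First-match evaluation: return (rule name, action) of the first hit."""
    for name, r_src, r_dst, r_svc, action in rulebase:
        if (ip_address(src) in r_src and ip_address(dst) in r_dst
                and r_svc in (None, service)):
            return name, action
    return None, "drop"   # assumption in this model: no match means dropped


def hidden_rules(rulebase):
    """Return (hidden rule, hiding rule) name pairs, as a policy check would flag."""
    found = []
    for i, rule in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if covers(earlier, rule):
                found.append((rule[0], earlier[0]))
                break
    return found


if __name__ == "__main__":
    # Same two rules, evaluated in both orders for one constructed connection.
    for label, rb in (("allow after drop", [CLEANUP, ALLOW]),
                      ("allow before drop", [ALLOW, CLEANUP])):
        print(label, decide(rb, "10.1.16.25", "203.0.113.10", "tcp/443"),
              "hidden:", hidden_rules(rb))
```

Running the same hidden-rule check after narrowing the source, destination or service of the allow rule confirms that the narrower rule is still reachable and that everything outside it continues to fall through to the drop rule.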