Configuring Internet Connection Types

You must configure a primary Internet connection, and you can configure a secondary one. When High Availability is activated, if there is a failover on the primary Internet connection, then the Small Office Appliance starts to use the secondary Internet connection.

These are the Internet connections:

  • Static IP - A fixed (non-dynamic) IP address.

    You can configure an Internet connection with a static IP address.

    1. From the Devices window, double-click the Small Office Appliance network object.

      The Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. window opens.

    2. Select the Internet tab.

    3. Select Use the following settings. The Internet connection settings open.

    4. Configure the primary Internet connection type:

      1. Select Enable Primary Internet Connection.

      2. Select whether the primary Internet connection is on the WAN or DMZ.

      3. From Connection Type, select Static IP.

    5. Click Configure.

      The Primary Internet Configuration window for the Static IP Internet connection type opens.

    6. In the IP Settings section, enter these IP address parameters:

      • IP Address

      • Subnet Mask

      • Default Gateway

    7. In the DNS section, enter the IP addresses for the DNS servers.

    8. In the WAN Port Settings section, enter these interface settings:

      • To configure the MTU (Maximum Transmission Unit) for the Internet connection, enter the new MTU value.

        Note - For a DMZ interface, the MTU value is applied to all LAN ports.

      • To assign a MAC address to the Internet connection, select Override MAC Address and enter the MAC address.

      • To configure the bandwidth for the Internet connection, select the appropriate option from Link speed/Duplex.

    9. From the Advanced section, you can select Use ICMP to monitor connection status (see Configuring ICMP).

    10. Click OK.

  • DHCP - Dynamic Host Configuration Protocol (DHCP) automatically issues IP addresses within a specified range to devices on a network.

    You can configure an Internet connection that uses DHCP to automatically assign IP addresses.

    1. From the Devices window, double-click the Small Office Appliance network object.

      The Security Gateway window opens.

    2. Select the Internet tab.

    3. Select Use the following settings. The Internet connection settings open.

    4. Configure the primary Internet connection type:

      1. Select Enable Primary Internet Connection.

      2. Select whether the primary Internet connection is on the WAN or DMZ.

      3. From Connection Type, select Obtain IP Address Automatically (DHCP).

    5. Click Configure.

      The Primary Internet Configuration window for the DHCP Internet connection type opens.

    6. In the WAN Port Settings section, enter these interface settings:

      • To configure the MTU (Maximum Transmission Unit) for the Internet connection, enter the new MTU value.

        Note - For a DMZ interface, the MTU value is applied to all LAN ports. .

      • To assign a MAC address to the Internet connection, select Override MAC Address and enter the MAC address.

      • To configure the bandwidth for the Internet connection, select the appropriate option from Link speed/Duplex.

    7. From the Advanced section, you can select Use ICMP to monitor connection status (see Configuring ICMP).

    8. Click OK.

  • PPPoE - A network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with DSL services where individual users connect to the DSL modem over Ethernet and in plain Metro Ethernet networks

    Note - It is not possible to configure internet connection over DSL for 1100, 1430, 1450 appliances using SmartProvisioningClosed Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM..

    You can configure an Internet connection that uses PPPoE protocol.

    1. From the Devices window, double-click the Small Office Appliance network object.

      The Security Gateway window opens.

    2. Select the Internet tab.

    3. Select Use the following settings. The Internet connection settings open.

    4. Configure the primary Internet connection type:

      1. Select Enable Primary Internet Connection.

      2. Select whether the primary Internet connection is on the WAN or DMZ.

      3. From Connection Type, select Point-to-Point Protocol over Ethernet (PPPoE).

    5. Click Configure.

      The General tab of the Primary Internet Configuration window for the PPPoE Internet connection type opens.

    6. Enter these settings for your Internet Service Provider:

      • User Name

      • Password

    7. In the WAN Port Settings section, enter these interface settings:

      • To configure the MTU (Maximum Transmission Unit) for the Internet connection, enter the new MTU value.

      Note - For a DMZ interface, the MTU value is applied to all LAN ports.

      • To assign a MAC address to the Internet connection, select Override MAC Address and enter the MAC address.

      • To configure the bandwidth for the Internet connection, select the appropriate option from Link speed/Duplex.

    8. Click OK.

    You can configure the advanced settings for a PPPoE Internet connection. The advanced settings allow you to configure:

    • IP settings for the tunnel

    • How the Internet connection is started and maintained

    1. From the Primary Internet Configuration window for PPPoE, select Advanced.

      The Advanced PPPoE window opens.

    2. In the Local Tunnel IP Assignment section, enter these settings for the PPPoE tunnel:

      • Obtain IP Address Automatically - The IP address for the PPPoE tunnel is automatically configured (default setting).

      • Use the Following IP Address - Enter the static IP address that is used for the PPPoE tunnel.

    3. In the Connection Method section, configure how the Small Office Appliance uses the PPPoE Internet connection:

      • Auto Connect - The Small Office Appliance automatically establishes a PPPoE connection to the Internet.

      • Connect on Demand - The Small Office Appliance Gateway establishes a PPPoE connection to the Internet when required.

      • Disconnect Idle Time - Enter the number of maximum number of idle minutes before the PPPoE Internet connection is disconnected.

    4. In the Monitor Connections section, enter the PPPoE Echo requests settings:

      • Monitor Connection Status Every - Enter how often, in seconds, that PPPoE Echo requests are sent to the server.

      • Assume Connection is Down After - Enter the maximum number of failed PPPoE Echo requests before the PPPoE server is considered down.

      • From the Advanced section, you can select Use ICMP to monitor connection status (see Configuring ICMP).

    5. Click OK.

  • PPTP - The Point-to-Point Tunneling Protocol (PPTP) is a method for implementation of virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

  • L2TP - Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide privacy.

    1. From the Devices window, double-click the Small Office Appliance network object.

      The Security Gateway window opens.

    2. Select the Internet tab.

    3. Select Use the following settings. The Internet connection settings open.

    4. Configure the primary Internet connection type:

      1. Select Enable Primary Internet Connection.

      2. Select whether the primary Internet connection is on the WAN or DMZ.

      3. From Connection Type, select Point-to-Point Tunneling Protocol over Ethernet (PPTP) or Layer 2 Tunneling Protocol (L2TP).

    5. Click Configure.

      The General tab of the Primary Internet Configuration window for the Internet connection type opens.

    6. Enter these settings for your Internet Service Provider:

      • Server Host Name or IP Address

      • ISP Login User Name

      • ISP Login Password

    7. In the WAN Port Settings section, enter these interface settings:

      • To configure the MTU (Maximum Transmission Unit) for the Internet connection, enter the new MTU value.

        Note - For a DMZ interface, the MTU value is applied to all LAN ports. .

      • To assign a MAC address to the Internet connection, select Override MAC Address and enter the MAC address.

      • To configure the bandwidth for the Internet connection, select the appropriate option from Link speed/Duplex.

    8. Click OK.

    You can configure the advanced settings for a PPTP or L2TP Internet connection. The advanced settings allow you to configure:

    • IP settings for the tunnel and the WAN

    • How the Internet connection is started and maintained

    1. From the Primary Internet Configuration window for PPTP or L2TP, select Advanced.

      The Advanced settings open.

    2. In the Local Tunnel IP Assignment section, enter the settings for the tunnel:

      • Obtain IP Address Automatically - The IP address for the tunnel is automatically configured (default setting).

      • Use the Following IP Address - Enter the static IP address that is used for the tunnel.

    3. In the WAN IP Assignment section, enter the IP address settings for the WAN:

      • Obtain IP Address Automatically - The IP address for the WAN is automatically configured (default setting).

      • Use the Following IP Address - Configure these settings for the WAN IP address:

        • IP Address

        • Subnet Mask

        • Default Gateway

    4. In the Connection Method section, configure how Small Office Appliance uses the PPTP or L2TP Internet connection:

      • Auto Connect - Small Office Appliance automatically establishes a PPTP or L2TP connection to the Internet.

      • Connect on Demand - Small Office Appliance establishes a PPTP or L2TP connection to the Internet when required.

      • Disconnect Idle Time - Enter the number of maximum number of idle minutes before the PPTP or L2TP Internet connection is disconnected.

    5. In the Monitor Connections section, enter the Echo request settings:

      • Monitor Connection Status Every - Enter how often (in seconds) that Echo requests are sent to the server.

      • Assume Connection is Down After - Enter the maximum number of failed Echo requests before the server is considered down.

      • From the Advanced section, you can select Use ICMP to monitor connection status (see Configuring ICMP).

    6. Click OK.

When you have enabled both Internet connections, you can configure High Availability to revert back to the primary Internet connection.

You can configure the ICMP (Internet Control Message Protocol) settings for the Internet connection. You can specify servers that receive ICMP requests to monitor the status of the Internet connection. If you enabled High Availability, the Small Office Appliance can activate the other Internet connection when necessary.

  1. From the Devices window, double-click the Small Office Appliance.

    The Security Gateway window opens.

  2. Select the Internet tab.

  3. From the required Internet connection, click Configure.

    The Internet Configuration window is opens.

  4. From the Advanced section or tab, select Use ICMP to monitor connection status.

  5. Click Configure.

    The ICMP Settings window opens.

  6. To monitor a server:

    1. Click Add.

    2. Enter the host name or IP address of the server.

    3. Repeat these steps for all the servers that are monitored.

    4. Select Send ICMP requests to the following servers.

  7. To monitor the default gateway, select Send ICMP requests to default gateway.

  8. Enter these ICMP connection monitoring settings:

    1. Interval Between - Enter the number of seconds between each ICMP request.

    2. Failover After - Enter the maximum number of failed ICMP requests. When High Availability is active, after an ICMP failover the other Internet connection becomes active.

    3. Resume Requests After - Enter the number of seconds after an ICMP failover that ICMP requests are resumed.

  9. Click OK.