Dynamic DNS (DDNS) is a service that automatically checks for updated IP addresses for a website, server, or application. While DDNS is often associated with home use, it is also implemented by businesses that provide services without static IPs. DDNS can be used for a variety of purposes, such as email, FTP, web, and game servers, virtual private networks (VPNs), and security cameras.
2. Network Diagram
This article shows how to create a DDNS domain name and configure it so that the Checkpoint Firewall can be accessed remotely from outside the internal network.
Step 1: Create a DDNS domain name.
There are many DDNS service providers on the market, but because Checkpoint supports only the NO-IP and DynDns providers, this article uses NO-IP's service. The steps for registering an account can be found by searching on Google.
After logging into your account, create a hostname. For example: vnpcheckpointvcf.ddns.net – IP: 115.78.xx.xx.
Next, create a username on your NO-IP account; it will be used to configure authentication on Checkpoint.
Step 2: Configure DDNS on Checkpoint.
In the Checkpoint Firewall administrative interface, go to Device > System > DDNS & Device Access.
Click on “Connect to the Appliance by name from the Internet (DDNS)”.
Fill in the following information:
Provider: choose No-ip
Username: Enter the Username created on the no-ip account.
Password: Enter the login password of the no-ip account.
Hostname: Enter the created hostname.
The Checkpoint Firewall default connection port is 4434, so this port must be opened (port forwarding) on the modem.
To check whether the port has been opened successfully, you can use an online port-checking website.
Enter Remote Address: 115.78.xx.xx and Port number: 4434, then click Check.
If the message “Port 4434 is open on 115.78.xx.xx” appears, you have successfully opened the port.
Step 3: Check the connection.
Use a device that is outside the local network and connected to the Internet. Open a browser and enter the hostname “vpncheckpointvcf.ddns.net:4434”.
Result of successful connection to checkpoint firewall.
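The checks from Steps 2 and 3 can also be scripted from a machine outside the local network. The following is an added example, not part of the original article or of Check Point's or NO-IP's tooling: it confirms that the DDNS hostname resolves to the expected WAN address and that the forwarded port accepts TCP connections. The function names and command-line usage are assumptions made for this example.

```python
import socket

# Added example: helper names are illustrative, not a Check Point or No-IP API.
def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the name currently resolves to."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe_tcp(ip, port, timeout=3.0):
    """Classify one TCP connect attempt against ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"          # handshake completed: forward is working
    except ConnectionRefusedError:
        return "closed"            # RST received: nothing listening behind the forward
    except socket.timeout:
        return "filtered"          # no answer: port not forwarded or dropped upstream
    except OSError:
        return "unreachable"       # routing or local network problem

def check_ddns_access(hostname, expected_ip, port=4434,
                      resolve=resolve_ipv4, probe=probe_tcp):
    """Verify the DDNS record and the port forward; return a dict of findings."""
    report = {"hostname": hostname, "port": port, "resolved": [],
              "dns_ok": False, "port_state": None}
    try:
        report["resolved"] = resolve(hostname)
    except socket.gaierror as exc:
        report["error"] = f"DNS lookup failed: {exc}"
        return report
    report["dns_ok"] = expected_ip in report["resolved"]
    # Probe the address the record should point to, so that a stale DDNS
    # record and a missing port forward show up as two separate findings.
    report["port_state"] = probe(expected_ip, port)
    return report

if __name__ == "__main__":
    import sys
    # Usage: python check_ddns.py <ddns-hostname> <current-wan-ip> [port]
    host, wan_ip = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 4434
    report = check_ddns_access(host, wan_ip, port)
    print(report)
    sys.exit(0 if report["dns_ok"] and report["port_state"] == "open" else 1)
```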
Note: Checkpoint also supports a remote connection feature built into the Checkpoint Firewall.
Go to DDNS & Device Access > Reach My Device.
Click on “Allow connections to…or firewall”. Click Apply.
When the message “Connected” is shown, the Reach My Device feature has been enabled.
Copy the Web link: “https://gw7f….com”. To check the connection, again use a device that is outside the local network and connected to the Internet. Open a browser and paste the web address above.
Result of successful connection to Firewall.
In addition, you can also configure the Firewall through the CLI interface: copy and paste the CLI link “https://gw7f9….com”.
Successful connection to the Firewall through the CLI interface.