https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151196#M24638 <P>Have a <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/VLAN-Interfaces.htm" target="_self">look on this</A> and you should get the ideea how things are done.</P> <P>Also some <A href="https://www.youtube.com/results?search_query=checkpoint+vlan+configuration" target="_self">youtube videos</A>, you can start from there.</P> <P>&nbsp;</P> <P>Roughly, you get 2 or more interfaces in a bond, and on the bond you define the Vlans(sub-interfaces) .</P> <P>&nbsp;</P> <P>Ty,</P> Sat, 18 Jun 2022 21:12:12 GMT Sorin_Gogean 2022-06-18T21:12:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151193#M24635 <P>I have two vlans on my network, vlan 2 of 10.201.0.0/16 and vlan 3 of 10.50.0.0/24, however, traffic on vlan 2 on which the LAN (eth0) interface is directly connected to can access internet and vlan 3 which is added to (eth0) as an alias with the IP address on the 10.50.0.0/24 network is not accessing internet.</P><P>&nbsp;</P><P>From the vlan 3 network, on the checkpoint, I cannot ping any client machine on the same network, however from the switch directly connected to the checkpoint firewall can ping the firewall and from firewall and computers on vlan 2 can ping each other.</P><P>&nbsp;</P><P>I have permitted/accepted all traffic on both networks on 10.201.0.0/16 and 10.50.0.0/24 to &nbsp;any/internet. but when I ping 8.8.8.8 from a computer on vlan 3, I get an error of "address spoofing". see the image of the error log attached .</P><P>I will appreciate your support on this.</P><P>&nbsp;</P> Sat, 18 Jun 2022 20:35:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151193#M24635 dahlinkj 2022-06-18T20:35:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151194#M24636 <P>why do you have an alias?</P> <P>If two vlans are connected to the same physical interface then it should be two logical interfaces connected to a trunk. So when you do a topo update it should only see (as an example)&nbsp; eth0.2 &amp; eth0.3.</P> <P>&nbsp;</P> Sat, 18 Jun 2022 20:39:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151194#M24636 genisis__ 2022-06-18T20:39:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151195#M24637 <P>Hello genisis</P><P>Thanks for a prompt response, actually I would appreciate if you can share with me a tutorial on how to configure vlans or two logical interfaces on one interface connected to a trunk. I did configure an alias because I didn't know exactly what to do.&nbsp;</P><P>much appreciated for your guide.</P> Sat, 18 Jun 2022 20:46:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151195#M24637 dahlinkj 2022-06-18T20:46:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151196#M24638 <P>Have a <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/VLAN-Interfaces.htm" target="_self">look on this</A> and you should get the ideea how things are done.</P> <P>Also some <A href="https://www.youtube.com/results?search_query=checkpoint+vlan+configuration" target="_self">youtube videos</A>, you can start from there.</P> <P>&nbsp;</P> <P>Roughly, you get 2 or more interfaces in a bond, and on the bond you define the Vlans(sub-interfaces) .</P> <P>&nbsp;</P> <P>Ty,</P> Sat, 18 Jun 2022 21:12:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151196#M24638 Sorin_Gogean 2022-06-18T21:12:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151215#M24642 <P>Thanks Sorin, you gave me a hint and later on the error :&nbsp;<SPAN>address spoofing , was able to resolve it by disabling the spoofing option on the networks.&nbsp;</SPAN></P> Sun, 19 Jun 2022 20:34:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151215#M24642 dahlinkj 2022-06-19T20:34:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151223#M24643 <P>hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/54321">@dahlinkj</a>&nbsp;,</P> <P>&nbsp;</P> <P>glad to be of help, still disabling Spoofing is not a GOOD option....</P> <P>I would look into making Spoofing groups that we attach to the interfaces, and we manage that; or look into define the spoofing based on routing.</P> <P>disabling Spoofing is not OK...</P> <P>&nbsp;</P> <P>thank you,</P> Mon, 20 Jun 2022 06:24:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151223#M24643 Sorin_Gogean 2022-06-20T06:24:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151224#M24644 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/31932">@Sorin</a>&nbsp;</P><P>I will appreciate &nbsp;if you can share any info on this , best practice .&nbsp;</P> Mon, 20 Jun 2022 06:46:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permitting-internet-on-multiple-networks/m-p/151224#M24644 dahlinkj 2022-06-20T06:46:07Z