topic Re: Checkpoint Bridge mode in Firewall and Security Management

Checkpoint Bridge mode

Sony_James — Tue, 22 Nov 2022 14:26:54 GMT

Checkpoint Firewall Cluster with OS version R81.10 with Latest Jumbo Hotfix installed

Topology

Internet Router --> L2 Switch (Internet Side)--> Checkpoint in Bridge mode --> Trent Micro IPS -- L2 Switch (LAN Side)

The deployment is successful but we are seeing MAC flapping messages on Internet L2 Switch for Router MAC.

Reason for MAC flap is Router MAC is getting Learned on Checkpoint connected port also. For resolving the issue we put static MAC entry on switch side.

For troubleshooting the issue we have taken capture on switch Firewall port and switch but we are not able to find the problematic MAC broadcast or ARP reply from Checkpoint interfaces.

Any suggestion how to troubleshot further

Re: Checkpoint Bridge mode

Chris_Atkinson — Tue, 22 Nov 2022 15:02:06 GMT

How is the L2 / STP elements of this topology configured?

Re: Checkpoint Bridge mode

Sony_James — Tue, 22 Nov 2022 15:07:50 GMT

On switch Side STP is enabled and we tried to disable also still same issue.

the switch Interface configured for Checkpoint connectivity is trunk port with Vlan 400 and 100 is passing through it. On checkpoint side we have not configured Vlan interface for bride. we have added physical interface on Checkpoint Bridge