https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199835#M33379 <P>In general it means a given bridge e.g. br1 is comprised of two interfaces "1A" and "1B"</P> <P>To help could you please clarify your diagram some...</P> <P>Is there only one subnet between the Layer-3 switch and the routers shown or is each on it's own subnet / VLAN?</P> Wed, 06 Dec 2023 08:57:31 GMT Chris_Atkinson 2023-12-06T08:57:31Z https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199831#M33378 <P>Hello Team,</P><P>We're thinking of a IPS configuration for monitering IoT communication and PC communication.</P><P>If Quantum is installed between L3SW and L2Sw as an IPS, is it possible to configure it as follows?</P><P>I would like to run Quantum in bridge mode (L2), but since the URL below says "Important - Only two interfaces can be connected by one Bridge interface", I don't think it can meet the requirements in bridge mode, am I right?</P><P>If you know of any best practices or proven methods using checkpoints, please let me know.</P><P>Thank you in advance.</P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sample.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23552iBEAA09D87476065E/image-size/medium?v=v2&amp;px=400" role="button" title="sample.PNG" alt="sample.PNG" /></span></P> Wed, 06 Dec 2023 08:14:24 GMT https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199831#M33378 TSOL 2023-12-06T08:14:24Z https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199835#M33379 <P>In general it means a given bridge e.g. br1 is comprised of two interfaces "1A" and "1B"</P> <P>To help could you please clarify your diagram some...</P> <P>Is there only one subnet between the Layer-3 switch and the routers shown or is each on it's own subnet / VLAN?</P> Wed, 06 Dec 2023 08:57:31 GMT https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199835#M33379 Chris_Atkinson 2023-12-06T08:57:31Z https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199850#M33381 <P>Thank you for the reply.</P><P>Our environment aggregates routing to L3SW. Therefore, the router, L3SW, IOT devices and computers at the headquarters belong to the same network. Of course, branches have different networks.　</P><P><SPAN>The diagram is shown below.</SPAN></P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sample2.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23555iAE8AC07BC4FA0B09/image-size/medium?v=v2&amp;px=400" role="button" title="sample2.PNG" alt="sample2.PNG" /></span></P><P> </P><P>&nbsp;</P> Wed, 06 Dec 2023 09:40:35 GMT https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199850#M33381 TSOL 2023-12-06T09:40:35Z https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199854#M33384 <P><SPAN>We have to be wary of double inspecting any traffic flows, so with this in mind the only potential solution that comes to mind involves additional cabling and running the firewall as VSX to partition the segments.</SPAN></P> <P>Suggest engaging your local SE to help you validate possible options and engage with solution center if needed.</P> <P>By contrast implementing the links to the routers via an intermediate switch helps from a plumbing perspective but creates a visibility issue.</P> Wed, 06 Dec 2023 11:00:34 GMT https://community.checkpoint.com/t5/General-Topics/About-Checkpoint-s-Bridge-Mode-Constraints/m-p/199854#M33384 Chris_Atkinson 2023-12-06T11:00:34Z