https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/203979#M10168 <P>This option needs to be enabled (it's not by default):</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24205i5C51773404614B29/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Tue, 23 Jan 2024 15:26:19 GMT PhoneBoy 2024-01-23T15:26:19Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/203791#M10150 <P>Hi all,</P><P>&nbsp;</P><P>&nbsp;</P><P>Is me again.&nbsp;</P><P>I am trying to deploy the SMB as a bridge to project my network as a first-tier layer.</P><P>&nbsp;</P><P>The design is like this:</P><P>SMB uses Wan port to update UTM, Lan 3 and 4 are layer 2 and the connection like this:</P><P>The UTM feature on Fortigate is disabled already.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="design.PNG" style="width: 673px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24169iC89F8E9C73D068A8/image-size/large?v=v2&amp;px=999" role="button" title="design.PNG" alt="design.PNG" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>We find that:</P><P>IF both Lan 3 and 4 are under the same bridge, the UTM is NOT working.</P><P>IF both Lan 3 and 4 are under the same switch,&nbsp;the UTM is NOT working.</P><P>&nbsp;</P><P><STRONG>If we assign Lan 4 and 5 as one switch first, then assign the switch and Lan3 as the&nbsp;same bridge,&nbsp;the UTM is working now.</STRONG></P><P><STRONG>I wonder: why the hell with this design make things work?</STRONG></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="design2.PNG" style="width: 930px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24170i2651A47FB04CD064/image-size/large?v=v2&amp;px=999" role="button" title="design2.PNG" alt="design2.PNG" /></span></P> Mon, 22 Jan 2024 03:43:47 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/203791#M10150 MTS 2024-01-22T03:43:47Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/203979#M10168 <P>This option needs to be enabled (it's not by default):</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24205i5C51773404614B29/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Tue, 23 Jan 2024 15:26:19 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/203979#M10168 PhoneBoy 2024-01-23T15:26:19Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/204409#M10189 <P>So the Bridge mode will work with UTM after I enable this?</P><P>And that does not mean SSL inspection, right?</P> Mon, 29 Jan 2024 09:28:27 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/204409#M10189 MTS 2024-01-29T09:28:27Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/205396#M10228 <P>Any "UTM" features will require this feature to be enabled where two LAN interfaces are used.<BR />SSL Inspection would have to be configured separately (if applicable).</P> Wed, 07 Feb 2024 23:50:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Use-Checkpoint-SMB-as-Layer-2-Brdige-to-block-traffic/m-p/205396#M10228 PhoneBoy 2024-02-07T23:50:57Z