topic Local network settings - Meraki switch connection in Spark Firewall (SMB)

Local network settings - Meraki switch connection

AngusM — Fri, 28 Jun 2024 11:36:11 GMT

CP1800, Firmware R81.10, Smart-1 cloud managed

I'm looking for thoughts on the best way to configure a Checkpoint appliance for a Meraki switch network.

I am planning to replace all the Dell switches at one of our large sites; the existing network is a tiered design, so I have OSPF configured on the main core switch to distribute routes to the Checkpoint.

The Dell switch is the main routed core for the network, and the internet uplink is configured as the default route for the network.

I have CP LAN1 configured for the local network access, and the connected switch port is configured as access mode on the core switch.

All pretty straight-forward, however the issue I have discovered is that Meraki 's management network IP address must be separate from the Internet uplink transit network IP address, so I'll have to configure the Checkpoint accordingly.

I am comfortable with the switch config, but I have limited exposure to Checkpoints so I am looking for advise on the best way to connect and configure the Meraki internet uplink - whether that would be separate LAN interfaces, VLAN port, Bridge, etc?

So my options (I think) are as follows:

1. Leave existing LAN1 config for internet access from the Meraki network, and add a second LAN connection for the Meraki Management

Or,

2. Remove the existing config from port LAN1 and recreate as a new VLAN port, with VLANs for management and internet access

I want to try to keep things as simple as possible, so rightly or wrongly, my preference would be to keep the 2 VLANs physically separate with dedicated LAN connections, rather than creating a VLAN trunk

Can anyone suggest or recommend the best way to configure this?

Appreciate any help

Re: Local network settings - Meraki switch connection

PhoneBoy — Mon, 01 Jul 2024 15:45:02 GMT

You can take one of the LAN ports and assign it to a different network.
Or you can use the DMZ port for this (if you're not already using it).
In any case, you can remove the LAN port from the LAN1 switch here (click on Edit):

Then you can create a new switch/bridge, assign the network/mask, and add the port to it.

Re: Local network settings - Meraki switch connection

AngusM — Tue, 02 Jul 2024 09:19:45 GMT

Hi, thank you for the reply.

I am I'm already using my DMZ for guest network access, so it looks like I will have to remove a LAN port to achieve what I require.

I assume that i will have to create firewall rules to allow traffic between these LAN segments, but in what situation would I create a bridge rather than 2 switches?

Regards

Re: Local network settings - Meraki switch connection

PhoneBoy — Wed, 03 Jul 2024 13:36:53 GMT

Yes, you will have to create rules.
Use cases for bridges include:

Operating as a Layer 2 firewall (bridging WAN and LAN port, for instance)
Having WiFi and LAN ports on the same network

Re: Local network settings - Meraki switch connection

AngusM — Thu, 11 Jul 2024 10:53:47 GMT

Thank you again - I tested separating the LAN ports as you advised, and it's working as expected 🙂

I also appreciate the info re bridges - we don't have any wireless models so that was confusing me a bit, but the examples you have given make sense now.