https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242050#M12106 <P>I'm trying to clarify how the 1500 devices should work by default and if this behaviour should be the same in both locally and centrally managed mode. Unfortunately I don't have one in my lab to play with and what I'm seeing on different sites appears different.</P><P>The question relates to different networks on different LAN ports. You have LAN1 as 10.10.1.254/24 and LAN2 as 10.10.2.254/24, both using the gateway as their respective default gateways.</P><P>Should traffic route between them by default without adding and additional routes or access rules, and will it be inspected? Does this differ between locally and centrally managed boxes?</P><P>The documentation suggests it should not route. If I add a static route from one network to the other then it shows as "inactive" which suggests it's not required.</P> Sun, 23 Feb 2025 13:33:13 GMT StevePearson 2025-02-23T13:33:13Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242050#M12106 <P>I'm trying to clarify how the 1500 devices should work by default and if this behaviour should be the same in both locally and centrally managed mode. Unfortunately I don't have one in my lab to play with and what I'm seeing on different sites appears different.</P><P>The question relates to different networks on different LAN ports. You have LAN1 as 10.10.1.254/24 and LAN2 as 10.10.2.254/24, both using the gateway as their respective default gateways.</P><P>Should traffic route between them by default without adding and additional routes or access rules, and will it be inspected? Does this differ between locally and centrally managed boxes?</P><P>The documentation suggests it should not route. If I add a static route from one network to the other then it shows as "inactive" which suggests it's not required.</P> Sun, 23 Feb 2025 13:33:13 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242050#M12106 StevePearson 2025-02-23T13:33:13Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242055#M12107 <P>Routing should work subject to the relevant policies permitting the traffic flows.</P> <P>LAN to LAN traffic inspection is controlled via an advanced option for Spark appliances to help conserve resources.</P> <P>Device - Advanced - Advanced Settings: Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic (true|false)</P> <P>See also: <A href="https://support.checkpoint.com/results/sk/sk102296" target="_blank">https://support.checkpoint.com/results/sk/sk102296</A></P> Sun, 23 Feb 2025 14:06:58 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242055#M12107 Chris_Atkinson 2025-02-23T14:06:58Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242204#M12119 <P>You need an explicit access rule to allow the communication between LAN1 and LAN2.<BR />As both networks are "local" no additional routing configuration should be necessary.</P> Mon, 24 Feb 2025 22:14:41 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Quantum-Spark-1500-routing-and-traffic-inspection/m-p/242204#M12119 PhoneBoy 2025-02-24T22:14:41Z