topic Re: Quantum Spark - separate network allocation in Spark Firewall (SMB)

Quantum Spark - separate network allocation

JaySon_2021 — Tue, 09 Dec 2025 13:56:49 GMT

I want to setup our Quantum Spark like a regular Gaia firewall. I have disabled the WAN and DMZ interfaces during setup. I now have LAN Switch 1 with all of my Ge ports listed. I cannot set an IP on any interface unless I set the Interface to 'Separate Network'.

Does 'the separate network' interface essentially accomplish what I want? Plain interfaces that I can configure as I wish. Or am I missing something?

As I do not need LAN Switch 1, can I just assign all interfaces to 'separate network' and do away with LAN Switch 1?

Re: Quantum Spark - separate network allocation

PhoneBoy — Tue, 09 Dec 2025 15:56:10 GMT

Yes, "separate network" is exactly what you're after here.

Re: Quantum Spark - separate network allocation

JaySon_2021 — Tue, 09 Dec 2025 15:59:04 GMT

Awesome! Thanks for the reply.

I tried to assign Ge1 to 'separate network' but it complained that it was the pivot port for Lan Switch 1. Can I just delete Lan Switch 1 all together and then use Ge1?

Re: Quantum Spark - separate network allocation

PhoneBoy — Wed, 10 Dec 2025 22:38:55 GMT

I've never tried to do that and don't know if it's possible.
Even so, if you've assigned the other ports to "Separate Network" then there is no actual reason you need to delete it.

Re: Quantum Spark - separate network allocation

Tom_Hinoue — Thu, 11 Dec 2025 00:17:49 GMT

Yes, you can delete the LAN1 Switch to just use LAN1 port as an individual interface.
If LAN1_Switch already has an IP configured and delete it, the originally configured IP will be assigned to LAN1.
Afterwards you can use the IP that's already configured, or you can change it accordingly to your topology.

Note, Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside.

Re: Quantum Spark - separate network allocation

JaySon_2021 — Thu, 11 Dec 2025 01:01:18 GMT

Thanks Tom

When you say "Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside", isn't that done typically done via the topology config in the policy on the object?

Note that I have not gotten to the policy stage yet on the Quantum Sparks. I'm speaking to your response based on what I do in Smartconsole when I create/add a firewall object and change one interface in the topo to be external (Internet). Is it different on a locally managed Spark?

Re: Quantum Spark - separate network allocation

Tom_Hinoue — Thu, 11 Dec 2025 04:21:20 GMT

Yes, for centrally managed Spark, if a internet connection is configured on the Spark device, than it should automatically be assigned as a External zone when fetching the topology in Smart Console.

The different part from Main Train is that the default gateway can only be configured in the Internet Connection and not the routing table.

I mentioned this because there "is" a way to configure default route in the routing table without configuring a internet connection on Spark, but I reckon that won't be officially supported in terms of topology and inspection. (Configuring Spark LAN interface as external interface).
You might want to consult with TAC about this if this is what you're trying to achieve.