topic Re: Network segmentation on Appliance 1590 in Spark Firewall (SMB)

Network segmentation on Appliance 1590

Itdepartment — Wed, 29 Mar 2023 04:20:09 GMT

Hi all,

We have one network in office 192.168.50.0/24. I have the task of segmenting and dividing the network into vlans. The problem is that now this network is running on a checkpoint as switch and I cannot creat sub interfaces.

I can't create a separate network devices all our devices route go to 192.168.50.1

The only solution for me is to remove Lan 1 switch and create the same network 192.168.50.0/24 as seperate network, and create sub interfaces under it. Previously, I have already prepared the lan6 network as seperate network and created sub interfaces.

After deleting , I will lose access to the appliance via the web, go through the console cable and assign network 192.168.50.0/24 on Lan 6 and everything should work. The last time I did this, nothing happened, when I assigned this network 50.0 appliance wrote an error.

Are there any recommendations on how I can do this work correctly?

Re: Network segmentation on Appliance 1590

PhoneBoy — Wed, 29 Mar 2023 23:26:19 GMT

When you say VLANs, do you mean:

Trunking with another switch that also has VLANs
Different LANs (with different IPs) connected to the same appliance?

For either of the cases, it starts with removing specific ports from the switch:

You can then create a new switch and assign the ports to it.

Re: Network segmentation on Appliance 1590

Itdepartment — Thu, 30 Mar 2023 03:30:47 GMT

Now our network is 192.168.50.0/24, and all traffic from the switch comes in 1 vlan. On the switch, I created several vlans 92,93,99 and from the side of the switch I configured the uplink to the checkpoint as a trunk and skipped 1,92,93,99 vlan. The trunk (1,92,93,99 vlan) will come to the 6th port of the checkpoint. I have already prepared and created everything.

I will delete switch 1 (192.168.50.0) and change lan 6 to 192.168.50.0 and then I won’t have to change anything from the end devices side. Last time I didn’t manage to do this after I deleted switch1 and tried to give the network 192.168.50.0 to lan 6, the checkpoint swore at an error with the IP (I don’t remember the details since I did it during working hours).

Do you have any advice on what I'm doing wrong?

Re: Network segmentation on Appliance 1590

emmap — Thu, 30 Mar 2023 06:32:43 GMT

I believe it's not still not supported to have an IP address native on an interface and also use it as a trunk interface. So you if you want a native/access port on the device as well as the trunk port, you should do these on two separate interfaces.

Re: Network segmentation on Appliance 1590

Itdepartment — Thu, 30 Mar 2023 08:29:26 GMT

When I created and tested lan 6(192.168.24.1) along with its sub interfaces 6.92(192.168.23.1), 6.93(192.168.22.1) everything worked. And everything was one link, that is, only 1 cable came from my switch to lan 6, and at the same time, ports that were in 92 and 93 access vlanes received IP addresses 192.168.23.0 and 192.168.22.0. The only problem is that I need to keep the network 192.168.50.0, all our servers and business services are set to 192.168.50.0 (now this is the LAN1 switch). But when I delete lan 1 switch and prescribe the network 192.168.50.0 on lan6 it gives an error and it does not accept 192.168.50.0.

Any ideas?

Re: Network segmentation on Appliance 1590

emmap — Thu, 30 Mar 2023 08:51:00 GMT

It'll accept the config for access + trunk but it's not supported.

How are you adding 192.168.50.0 to LAN6, and what error are you getting?

Re: Network segmentation on Appliance 1590

Itdepartment — Thu, 30 Mar 2023 09:19:35 GMT

After removing Switch LAN1 (192.168.50.0), I tried to assign this network to LAN 6, I don’t remember the error itself, something related to IP

Re: Network segmentation on Appliance 1590

PhoneBoy — Thu, 30 Mar 2023 18:49:36 GMT

Actual screenshots of error messages would help.
(Blur out any sensitive details)