This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nicolas1984
Explorer
‎2019-10-11 02:49 AM

Bridge mode with security gateway 3100 - Possible?

Dear community,

I'm installing a new security appliance 3100 on one site of my company, that has 5 ports (eth1, ..., eth5).

eth1 is connected to WAN with a public IP address

eth2 is connected to LAN with a private IP address 192.168.33.254/24 and a DHCP server for LAN clients.

192.168.33.0/24 is part of a VPN domain. Everything works well with this configuration.

Now, as it's a very small site, I'd like to use eth3, eth4 & eth5 for my LAN network too, so I would not need to use an additional switch. I created a bridge called "br1" with IP address 192.168.33.254 and added eth2 & eth3 as members.

Since, I'm not able to do anything from eth2 or eth3. I can't get an IP address, I can't reach Internet (even with a static IP address). The SmartCenter logs have entry for dropped packets with reason "Missing OS route".

My questions are:

- Is this design really supported?

- Do you have any idea about what could prevent this design from working?

Thank you in advance for your suggestions.

0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion
‎2019-10-11 10:33 AM

To be honest I would just buy a 5 port switch for 30 bucks and be done with it, spending more time on it is just not worth the effort.
I agree that it should work but it sounds like this is more a site that should be using a 14x0 instead, the LAN ports there can be setup as a switch, but indeed it is embedded, not full blown Gaia and when you need it...
Regards, Maarten
0 Kudos
Wolfgang
Authority
Authority
‎2019-10-11 02:23 PM

nicolas1984,

I think this can‘t work. If you put two interfaces in  bridge mode, the work as a normal bridge like a hardware bridge from the last century. You had then a small switch or better hub with two interfaces. Packets coming from one site of the bridge are forwarded to the other and vice versa. No routing is done, which you need if you want to go out to the internet.

Use a small switch and you‘ll be happy, or Martens idea for a 14xx appliance with LAN-Ports working as switch.

Wolfgang

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-11 02:50 PM

You can only put two interfaces in a bridge.
More than that are not supported.
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-12 12:25 AM

There is one other option if you need the extra interfaces, just split your network into smaller chunks and setup DHCP on each separate network assigned to the different interfaces. Add a rule to allow these networks full access to each other and you are good to go.
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top