This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2023-12-06 12:14 AM
Jump to solution

About Checkpoint's Bridge Mode Constraints

Hello Team,

We're thinking of a IPS configuration for monitering IoT communication and PC communication.

If Quantum is installed between L3SW and L2Sw as an IPS, is it possible to configure it as follows?

I would like to run Quantum in bridge mode (L2), but since the URL below says "Important - Only two interfaces can be connected by one Bridge interface", I don't think it can meet the requirements in bridge mode, am I right?

If you know of any best practices or proven methods using checkpoints, please let me know.

Thank you in advance.

 

sample.PNG

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-12-06 03:00 AM
In response to TSOL
Jump to solution

We have to be wary of double inspecting any traffic flows, so with this in mind the only potential solution that comes to mind involves additional cabling and running the firewall as VSX to partition the segments.

Suggest engaging your local SE to help you validate possible options and engage with solution center if needed.

By contrast implementing the links to the routers via an intermediate switch helps from a plumbing perspective but creates a visibility issue.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
3 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-12-06 12:54 AM
Jump to solution

In general it means a given bridge e.g. br1 is comprised of two interfaces "1A" and "1B"

To help could you please clarify your diagram some...

Is there only one subnet between the Layer-3 switch and the routers shown or is each on it's own subnet / VLAN?

CCSM R77/R80/ELITE
0 Kudos
TSOL
Advisor
‎2023-12-06 01:40 AM
In response to Chris_Atkinson
Jump to solution

Thank you for the reply.

Our environment aggregates routing to L3SW. Therefore, the router, L3SW, IOT devices and computers at the headquarters belong to the same network. Of course, branches have different networks. 

The diagram is shown below.

 

sample2.PNG

 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-12-06 03:00 AM
In response to TSOL
Jump to solution

We have to be wary of double inspecting any traffic flows, so with this in mind the only potential solution that comes to mind involves additional cabling and running the firewall as VSX to partition the segments.

Suggest engaging your local SE to help you validate possible options and engage with solution center if needed.

By contrast implementing the links to the routers via an intermediate switch helps from a plumbing perspective but creates a visibility issue.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events