This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
MVP Silver
MVP Silver
Monday

Check Point Firewall: Configuring a Layer 2 Bridge (Transparent Firewall)

In today’s video, we configure a Check Point Gaia R82 Security Gateway to operate as a Layer 2 Bridge. This setup allows the firewall to inspect traffic transparently between two switches without changing a single IP address in the network.

5 Replies
the_rock
MVP Platinum
MVP Platinum
Monday

Excellent!

Best,
Andy
0 Kudos
cyberserge
Explorer
Wednesday

Thank you! I was looking for L2 transparent firewall setup before. Wish this great gem was released earlier!
Although I'm still puzzled why bridge interface still need an assigned IP address.
Do we just assign any random not-is-use IP address?

0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to cyberserge

Worth noting that while you can have multiple bridges, only have one bridge with an IP: https://support.checkpoint.com/results/sk/sk180302 
Which means it's not strictly necessary, though the gateway will likely need Internet access through a different interface.

0 Kudos
cyberserge
Explorer
Wednesday
In response to cyberserge

A follow up question: does it need L2 device before and after the bridge? Can it be L3 device?
An example would be: inserting Check Point gateway in L2 Bridge mode between edge firewall and router

0 Kudos
Moudar
MVP Silver
MVP Silver
Thursday
In response to cyberserge

Yes, I think you can. It’s worth testing it in a lab.

You can insert a Check Point bridge between two Layer 3 devices (like an edge firewall and a router).

The bridge acts as a "transparent wire." The edge firewall and the router stay in the same IP subnet and talk to each other directly.

You get security inspection, without having to change any IP addresses or routing tables on your existing equipment.

Both L3 devices must be on the same broadcast domain (same subnet) so they can "see" each other via ARP through the bridge.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events