Spark 1600 bridge mode can not work

oscar790806 · ‎2023-03-16

Hi Guys

My environment have one checkpoint 1600 appliance , It is setting bridge mode Lan1 & Lan2 & checkpoint 1600 using Central management to SMS

architecture is :

(internel)<---->(fortigate) < ----->(dlink_L2_swithch)<--------LAN2->( Checpoint_1600)<-LAN1--->(core_switch)

But. bridge port link up to switch after , internal core switch can not ping external fortigate . On the contrary fortigate can not ping core switch .

I try to fw monitor & zdebug + dorp display:

192.168.100.254 : is core switch IP
192.168.100.246 : is fortigat IP

1. fw monitor

[vs_0][fw_0] LAN1:o[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52099
ICMP: type=8 code=0 echo request id=3328 seq=3
[vs_0][fw_0] LAN1:O[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52099
ICMP: type=8 code=0 echo request id=3328 seq=3
[vs_0][fw_0] LAN2:i[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52100
ICMP: type=8 code=0 echo request id=3328 seq=4
[vs_0][fw_0] LAN2:I[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52100

2. zdebug + dorp : no drop info log

Is there any other solution?

G_W_Albrecht · ‎2023-03-16

I would involve TAC here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2023-03-16

Im no SMB expert by any means, but just to confirm 100%, the connection from 192.168.100.246 is supposed to come to LAN2 and then leaves on LAN1 going to 192.168.100.254?

Chris_Atkinson · ‎2023-03-16

Which firmware/build is used on the 1600 appliance and how is the interface topology / anti-spoofing defined?

CCSM R77/R80/ELITE

Are you a member of CheckMates?

Spark 1600 bridge mode can not work