Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
oscar790806
Contributor

Spark 1600 bridge mode can not work

Hi Guys

        My environment have one checkpoint 1600 appliance , It is setting bridge mode Lan1 & Lan2  & checkpoint 1600 using Central management to SMS

architecture is :

(internel)<---->(fortigate) < ----->(dlink_L2_swithch)<--------LAN2->( Checpoint_1600)<-LAN1--->(core_switch)

But. bridge port link up to switch after , internal core switch can not ping external fortigate . On the contrary fortigate can not ping core switch .

I try to fw monitor & zdebug + dorp display:

192.168.100.254 : is core switch IP
192.168.100.246 : is fortigat IP

1. fw monitor

[vs_0][fw_0] LAN1:o[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52099
ICMP: type=8 code=0 echo request id=3328 seq=3
[vs_0][fw_0] LAN1:O[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52099
ICMP: type=8 code=0 echo request id=3328 seq=3
[vs_0][fw_0] LAN2:i[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52100
ICMP: type=8 code=0 echo request id=3328 seq=4
[vs_0][fw_0] LAN2:I[44]: 192.168.100.246 -> 192.168.100.254 (ICMP) len=84 id=52100

2. zdebug + dorp : no drop info log 

Is there any other solution?

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend

I would involve TAC here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Im no SMB expert by any means, but just to confirm 100%, the connection from 192.168.100.246 is supposed to come to LAN2 and then leaves on LAN1 going to 192.168.100.254?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Which firmware/build is used on the 1600 appliance and how is the interface topology / anti-spoofing defined?

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events