Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Pukas
Participant

Secondary IP address on a network inteface - SMB

Is it possible to configure a secondary IP address on a network interface on a SMB? Under the 'Supported and Unsupported Features' section in sk105380 article 'Alias / Secondary IP address' states that it is supported for both Centrally and Locally managed SMBs, but I can not find the syntax to configure in CLI or by using the Web GUI.

0 Kudos
11 Replies
PhoneBoy
Admin
Admin

What's the specific use case here?

0 Kudos
Daniel_Pukas
Participant

The client would like to move the layer 3 interface which contains 3 subnets from a switch to the newly installed gateway

0 Kudos
PhoneBoy
Admin
Admin

The SK says this is NOT supported for ALL appliances (including SMB)

If you need to support multiple subnets, you need to one of:

  • Create a virtual switch for each subnet and assign a LAN port to that switch
  • Create a VLAN trunk on one LAN port and trunk it with a switch port with the same configuration
0 Kudos
Daniel_Pukas
Participant

Update from SR 3-0641449281

"The feature requested is not possible and we have edited sk105380 as not supported."

G_W_Albrecht
Legend
Legend

According to sk89980: Support for Sub-interfaces / Alias IP address / Secondary IP address in Check Point product..., support of Alias / Secondary IP is very limited in GAiA:

Gaia OS supports the configuration of Secondary IP addresses only on single Security Gateways. In all other releases/configurations (e.g., ClusterXL, Dynamic Routing), the use of Secondary IP addresses is not officially supported. If the physical machine does not have enough physical interfaces, then VLAN interfaces should be configured.

So i do not think that this is supported on GAiA Embedded without these limitations - if supported at all, maybe the sk105380 is rather speaking of VLANs...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Daniel_Pukas
Participant

I suspect it is not supported in GAiA embedded, I have a TAC case raised to confirm, currently with R&D

0 Kudos
G_W_Albrecht
Legend
Legend

Thank you for having that confirmed !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Steffen_Appel
Advisor

Jimmyktran
Explorer

I have the new SMB 1500m1600 and 1800.  I'm not sure if this is an option for trunking multiple VLAN to one interface.  We need this function, and the past gateway was able to do this.  If this is an option, there is nothing to tell us how to do this.  Please help, we just purchase a lot of this gateway, but if the feature is not there, then there will be an issue.   

0 Kudos
PhoneBoy
Admin
Admin

Yes, this is supported.
In my lab, I have multiple VLANs trunked to my DMZ interface.
You have to create each one and assign the relevant networks/settings to it.
https://sc1.checkpoint.com/documents/SMB_R80.20.30/AdminGuides/Locally_Managed/EN/Topics/Configuring...

0 Kudos
Steffen_Appel
Advisor

Yes we have used VLAN-trunking on the SMB devices.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events