Local network settings - Meraki switch connection
CP1800, Firmware R81.10, Smart-1 cloud managed
I'm looking for thoughts on the best way to configure a Checkpoint appliance for a Meraki switch network.
I am planning to replace all the Dell switches at one of our large sites; the existing network is a tiered design, so I have OSPF configured on the main core switch to distribute routes to the Checkpoint.
The Dell switch is the main routed core for the network, and the internet uplink is configured as the default route for the network.
I have CP LAN1 configured for the local network access, and the connected switch port is configured as access mode on the core switch.
All pretty straight-forward, however the issue I have discovered is that Meraki's management network IP address must be separate from the Internet uplink transit network IP address, so I'll have to configure the Checkpoint accordingly.
I am comfortable with the switch config, but I have limited exposure to Checkpoints so I am looking for advice on the best way to connect and configure the Meraki internet uplink - whether that would be separate LAN interfaces, VLAN port, Bridge, etc?
So my options (I think) are as follows:
1. Leave existing LAN1 config for internet access from the Meraki network, and add a second LAN connection for the Meraki Management
Or,
2. Remove the existing config from port LAN1 and recreate as a new VLAN port, with VLANs for management and internet access
I want to try to keep things as simple as possible, so rightly or wrongly, my preference would be to keep the 2 VLANs physically separate with dedicated LAN connections, rather than creating a VLAN trunk
Can anyone suggest or recommend the best way to configure this?
Appreciate any help
Accepted Solutions
You can take one of the LAN ports and assign it to a different network.
Or you can use the DMZ port for this (if you're not already using it).
In any case, you can remove the LAN port from the LAN1 switch here (click on Edit):
Then you can create a new switch/bridge, assign the network/mask, and add the port to it.
Hi, thank you for the reply.
I'm already using my DMZ for guest network access, so it looks like I will have to remove a LAN port to achieve what I require.
I assume that I will have to create firewall rules to allow traffic between these LAN segments, but in what situation would I create a bridge rather than 2 switches?
Regards
Yes, you will have to create rules.
Use cases for bridges include:
- Operating as a Layer 2 firewall (bridging WAN and LAN port, for instance)
- Having WiFi and LAN ports on the same network
Thank you again - I tested separating the LAN ports as you advised, and it's working as expected 🙂
I also appreciate the info re bridges - we don't have any wireless models so that was confusing me a bit, but the examples you have given make sense now.