This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AngusM
Explorer
Friday

Local network settings - Meraki switch connection

CP1800, Firmware R81.10, Smart-1 cloud managed

I'm looking for thoughts on the best way to configure a Checkpoint appliance for a Meraki switch network.

I am planning to replace all the Dell switches at one of our large sites;  the existing network is a tiered design, so I have OSPF configured on the main core switch to distribute routes to the Checkpoint.

The Dell switch is the main routed core for the network, and the internet uplink is configured as the default route for the network.

I have CP LAN1 configured for the local network access, and the connected switch port is configured as access mode on the core switch.

All pretty straight-forward, however the issue I have discovered is that Meraki 's management network IP address must be separate from the Internet uplink transit network IP address,  so I'll have to configure the Checkpoint accordingly.

I am comfortable with the switch config, but I have limited exposure to Checkpoints so I am looking for advise on the best way to connect and configure the Meraki internet uplink - whether that would be separate LAN interfaces, VLAN port, Bridge, etc?

So my options (I think) are as follows:

1. Leave existing LAN1 config for internet access from the Meraki network, and add a second LAN connection for the Meraki Management

Or,

2. Remove the existing config from port LAN1 and recreate as a new VLAN port, with VLANs for management and internet access

I want to try to keep things as simple as possible, so rightly or wrongly, my preference would be to keep the 2 VLANs physically separate with dedicated LAN connections, rather than creating a VLAN trunk

 

Can anyone suggest or recommend the best way to configure this?

Appreciate any help

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
4 hours ago

You can take one of the LAN ports and assign it to a different network.
Or you can use the DMZ port for this (if you're not already using it).
In any case, you can remove the LAN port from the LAN1 switch here (click on Edit):

image.png

Then you can create a new switch/bridge, assign the network/mask, and add the port to it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events