This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Itdepartment
Explorer
‎2023-03-28 09:20 PM

Network segmentation on Appliance 1590

Hi all,

We have one network in office 192.168.50.0/24. I have the task of segmenting and dividing the network into vlans. The problem is that now this network is running on a checkpoint as switch and I cannot creat sub interfaces.

 

Снимок экрана 2023-03-16 113330.png

I can't create a separate network devices all our devices route go to 192.168.50.1

The only solution for me is to remove Lan 1 switch and create the same network 192.168.50.0/24 as seperate network, and create sub interfaces under it. Previously, I have already prepared the lan6 network as seperate network and created sub interfaces.

Снимок экрана 2023-03-16 113836.png

After deleting , I will lose access to the appliance via the web, go through the console cable and assign network 192.168.50.0/24 on Lan 6 and everything should work. The last time I did this, nothing happened, when I assigned this network 50.0 appliance wrote an error.

Are there any recommendations on how I can do this work correctly?

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2023-03-29 04:26 PM

When you say VLANs, do you mean:

  • Trunking with another switch that also has VLANs
  • Different LANs (with different IPs) connected to the same appliance?

For either of the cases, it starts with removing specific ports from the switch:

image.png

You can then create a new switch and assign the ports to it.

0 Kudos
Itdepartment
Explorer
‎2023-03-29 08:30 PM
In response to PhoneBoy

Now our network is 192.168.50.0/24, and all traffic from the switch comes in 1 vlan. On the switch, I created several vlans 92,93,99 and from the side of the switch I configured the uplink to the checkpoint as a trunk and skipped 1,92,93,99 vlan. The trunk (1,92,93,99 vlan) will come to the 6th port of the checkpoint. I have already prepared and created everything.

Снимок экрана 2023-03-16 113836.png

I will delete switch 1 (192.168.50.0) and change lan 6 to 192.168.50.0 and then I won’t have to change anything from the end devices side. Last time I didn’t manage to do this after I deleted switch1 and tried to give the network 192.168.50.0 to lan 6, the checkpoint swore at an error with the IP (I don’t remember the details since I did it during working hours). 

Do you have any advice on what I'm doing wrong?

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-03-29 11:32 PM
In response to Itdepartment

I believe it's not still not supported to have an IP address native on an interface and also use it as a trunk interface. So you if you want a native/access port on the device as well as the trunk port, you should do these on two separate interfaces.

0 Kudos
Itdepartment
Explorer
‎2023-03-30 01:29 AM
In response to emmap

When I created and tested lan 6(192.168.24.1) along with its sub interfaces 6.92(192.168.23.1), 6.93(192.168.22.1) everything worked. And everything was one link, that is, only 1 cable came from my switch to lan 6, and at the same time, ports that were in 92 and 93 access vlanes received IP addresses 192.168.23.0 and 192.168.22.0. The only problem is that I need to keep the network 192.168.50.0, all our servers and business services are set to 192.168.50.0 (now this is the LAN1 switch). But when I delete lan 1 switch and prescribe the network 192.168.50.0 on lan6 it gives an error and it does not accept 192.168.50.0.

Any ideas?

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-03-30 01:51 AM
In response to Itdepartment

It'll accept the config for access + trunk but it's not supported.

How are you adding 192.168.50.0 to LAN6, and what error are you getting? 

0 Kudos
Itdepartment
Explorer
‎2023-03-30 02:19 AM
In response to emmap

After removing Switch LAN1 (192.168.50.0), I tried to assign this network to LAN 6, I don’t remember the error itself, something related to IP

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-30 11:49 AM
In response to Itdepartment

Actual screenshots of error messages would help.
(Blur out any sensitive details)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events