This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JaySon_2021
Contributor
‎2025-12-09 05:56 AM
Jump to solution

Quantum Spark - separate network allocation

I want to setup our Quantum Spark like a regular Gaia firewall. I have disabled the WAN and DMZ interfaces during setup. I now have LAN Switch 1 with all of my Ge ports listed. I cannot set an IP on any interface unless I set the Interface to 'Separate Network'.

Does 'the separate network' interface essentially accomplish what I want? Plain interfaces that I can configure as I wish. Or am I missing something?

As I do not need LAN Switch 1, can I just assign all interfaces to 'separate network' and do away with LAN Switch 1?

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-12-09 07:56 AM
Jump to solution

Yes, "separate network" is exactly what you're after here.

View solution in original post

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2025-12-10 04:17 PM
In response to JaySon_2021
Jump to solution

Yes, you can delete the LAN1 Switch to just use LAN1 port as an individual interface.
If LAN1_Switch already has an IP configured and delete it, the originally configured IP will be assigned to LAN1.
Afterwards you can use the IP that's already configured, or you can change it accordingly to your topology.

Note, Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside.

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2025-12-09 07:56 AM
Jump to solution

Yes, "separate network" is exactly what you're after here.

0 Kudos
JaySon_2021
Contributor
‎2025-12-09 07:59 AM
In response to PhoneBoy
Jump to solution

Awesome! Thanks for the reply.

I tried to assign Ge1 to 'separate network' but it complained that it was the pivot port for Lan Switch 1. Can I just delete Lan Switch 1 all together and then use Ge1?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-12-10 02:38 PM
In response to JaySon_2021
Jump to solution

I've never tried to do that and don't know if it's possible.
Even so, if you've assigned the other ports to "Separate Network" then there is no actual reason you need to delete it.

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2025-12-10 04:17 PM
In response to JaySon_2021
Jump to solution

Yes, you can delete the LAN1 Switch to just use LAN1 port as an individual interface.
If LAN1_Switch already has an IP configured and delete it, the originally configured IP will be assigned to LAN1.
Afterwards you can use the IP that's already configured, or you can change it accordingly to your topology.

Note, Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside.

0 Kudos
JaySon_2021
Contributor
‎2025-12-10 05:01 PM
In response to Tom_Hinoue
Jump to solution

Thanks Tom

When you say "Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside", isn't that done typically done via the topology config in the policy on the object?

Note that I have not gotten to the policy stage yet on the Quantum Sparks. I'm speaking to your response based on what I do in Smartconsole when I create/add a firewall object and change one interface in the topo to be external (Internet). Is it different on a locally managed Spark?

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2025-12-10 08:21 PM
In response to JaySon_2021
Jump to solution

Yes, for centrally managed Spark, if a internet connection is configured on the Spark device, than it should automatically be assigned as a External zone when fetching the topology in Smart Console.

The different part from Main Train is that the default gateway can only be configured in the Internet Connection and not the routing table.


I mentioned this because there "is" a way to configure default route in the routing table without configuring a internet connection on Spark, but I reckon that won't be officially supported in terms of topology and inspection. (Configuring Spark LAN interface as external interface).
You might want to consult with TAC about this if this is what you're trying to achieve.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events