This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Pukas
Participant
‎2018-11-26 12:34 PM

Secondary IP address on a network inteface - SMB

Is it possible to configure a secondary IP address on a network interface on a SMB? Under the 'Supported and Unsupported Features' section in sk105380 article 'Alias / Secondary IP address' states that it is supported for both Centrally and Locally managed SMBs, but I can not find the syntax to configure in CLI or by using the Web GUI.

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2018-11-26 07:55 PM

What's the specific use case here?

0 Kudos
Daniel_Pukas
Participant
‎2018-11-27 01:09 PM
In response to PhoneBoy

The client would like to move the layer 3 interface which contains 3 subnets from a switch to the newly installed gateway

0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-27 09:08 PM
In response to Daniel_Pukas

The SK says this is NOT supported for ALL appliances (including SMB)

If you need to support multiple subnets, you need to one of:

  • Create a virtual switch for each subnet and assign a LAN port to that switch
  • Create a VLAN trunk on one LAN port and trunk it with a switch port with the same configuration
0 Kudos
Daniel_Pukas
Participant
‎2018-11-27 09:42 PM
In response to PhoneBoy

Update from SR 3-0641449281

"The feature requested is not possible and we have edited sk105380 as not supported."

G_W_Albrecht
MVP Silver
MVP Silver
‎2018-11-27 01:21 AM

According to sk89980: Support for Sub-interfaces / Alias IP address / Secondary IP address in Check Point product..., support of Alias / Secondary IP is very limited in GAiA:

Gaia OS supports the configuration of Secondary IP addresses only on single Security Gateways. In all other releases/configurations (e.g., ClusterXL, Dynamic Routing), the use of Secondary IP addresses is not officially supported. If the physical machine does not have enough physical interfaces, then VLAN interfaces should be configured.

So i do not think that this is supported on GAiA Embedded without these limitations - if supported at all, maybe the sk105380 is rather speaking of VLANs...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Daniel_Pukas
Participant
‎2018-11-27 01:12 PM
In response to G_W_Albrecht

I suspect it is not supported in GAiA embedded, I have a TAC case raised to confirm, currently with R&D

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-12-07 12:49 AM
In response to Daniel_Pukas

Thank you for having that confirmed !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Steffen_Appel
Advisor
‎2021-04-07 05:19 AM

It is supported on the new SMB device (1500, 1600, 1800): https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Jimmyktran
Explorer
‎2021-09-09 01:22 PM
In response to Steffen_Appel

I have the new SMB 1500m1600 and 1800.  I'm not sure if this is an option for trunking multiple VLAN to one interface.  We need this function, and the past gateway was able to do this.  If this is an option, there is nothing to tell us how to do this.  Please help, we just purchase a lot of this gateway, but if the feature is not there, then there will be an issue.   

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-09 01:59 PM
In response to Jimmyktran

Yes, this is supported.
In my lab, I have multiple VLANs trunked to my DMZ interface.
You have to create each one and assign the relevant networks/settings to it.
https://sc1.checkpoint.com/documents/SMB_R80.20.30/AdminGuides/Locally_Managed/EN/Topics/Configuring...

0 Kudos
Steffen_Appel
Advisor
‎2021-09-24 07:06 AM
In response to Jimmyktran

Yes we have used VLAN-trunking on the SMB devices.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events