This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Check07090
Participant
‎2022-10-03 08:52 AM
Jump to solution

VLAN in CHeckpoint 1590

Hi Team,

I have a checkpoint quantum spark 1590 locally managed firewall. I am setting up VLAN since number of devices has been approx. 500 and only one physical network is laid in the office.

What I understood from the documentation that multiple VLANs can be setup on same physical port lets say port 8. So I created a new VLAN over Port 8 and set the following

vlan id as 101

local network port as LAN 8

Assigned to as Separate Network

Ipv4 address as 192.168.10.1

Subnet as 255.255.255.0

DHCP disabled

Now I connected a laptop with LAN 8 with static IP as 192.168.10.2 with subnet mask as 255.255.255.0. But the network is not discoverable and no internet access is being showed. (Firewall has been set as Standard)

Can any one please guide me that can multiple VLANs be setup on single physical port  ...? and what I am doing wrong here...

Thanks in advance 🙂

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-04 09:54 AM
In response to Check07090
Jump to solution

If you assign a VLAN to a port, the device that is plugged into that port must be configured to accept VLAN tagged packets.
In other words, it's meant to be used with another switch configured with the same VLANs.
Windows machines (and likely other clients) can be set to utilize a specific VLAN tag, but it requires manual configuration.

It sounds like you just want LAN8 on a different network.
There is no need to configure a VLAN in this case, just assign the port to a different network:

image.png

Note that if you want multiple LAN ports on the same network, you will need to create a switch, define the network settings there, and then assign the relevant ports to it.

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2022-10-03 09:21 AM
Jump to solution

Provide screenshots showing your precise configuration on Port 8.

Note if a port has multiple VLANs associated with it, it's considered a trunk port and therefore whatever plugs in must be VLAN aware.
For any VLANs you create, you must also create explicit access rules.

0 Kudos
Check07090
Participant
‎2022-10-03 10:01 PM
In response to PhoneBoy
Jump to solution

I have configured a port in checkpoint 1590 where default network 192.168.1.x is working ok on port 2.

Now I want to configure VLANs (192.168.10.x  192.168.20.x  192.168.30.x .....) on single port 8 so multiple networks can work simultaneously on one single physical port 8. Below the screen shot (attached) where I have configured VLAN over port 8 and assigned IP range to VLAN with 192.168.10.1/24 and connected a laptop with CAT 6 cable on port 8. But the laptop (192.168.10.2/24) is showing unidentified network. I have also set the policies for incoming as well as outgoing network. Please note that I do not have any other managed switch apart from firewall.

Please let me know what I am doing wrong here...

 

 

Check.png
Preview file
31 KB
Screenshot 2022-10-04 212631.png
Preview file
70 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-04 09:54 AM
In response to Check07090
Jump to solution

If you assign a VLAN to a port, the device that is plugged into that port must be configured to accept VLAN tagged packets.
In other words, it's meant to be used with another switch configured with the same VLANs.
Windows machines (and likely other clients) can be set to utilize a specific VLAN tag, but it requires manual configuration.

It sounds like you just want LAN8 on a different network.
There is no need to configure a VLAN in this case, just assign the port to a different network:

image.png

Note that if you want multiple LAN ports on the same network, you will need to create a switch, define the network settings there, and then assign the relevant ports to it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top