This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2025-02-28 06:01 AM

FW in L2

Hello,

We have a FW that we want to work in transparent mode, to avoid making sudden changes in our network.

We have enabled 2 fiber interfaces (Eth1-1 and Eth1-2) in bridge mode, which we understand is the way to make the FW work in L2.

The intention is that the FW only performs web filtering to the LAN of our headquarters.

Some questions

Is it necessary to pull the topology from the SmartConsole, and should the Interfaces that are in bridge mode also be seen from here?

If we only want the appliance to perform web filter control to the LAN, is it necessary to have the FW blade of our appliance enabled?

FW: R82 - JHF 10

Thank you for your answers.

0 Kudos
38 Replies
the_rock
Legend
Legend
‎2025-03-12 11:25 AM
In response to Martin_Raska

@Matlu 

See what I attached. 

@Martin_Raska Funny enough, even when I get topology, I do NOT see the bridge interface listed there, which corresponds with what you said as well.

Andy

Preview file
65 KB
Preview file
14 KB
Preview file
39 KB
0 Kudos
Matlu
Advisor
‎2025-03-12 11:30 AM
In response to the_rock

Buddy,

If you have 2 Routers.

R1 ----- R2, and you put in between, a CP to work as L2 with a couple of interfaces, why is it “necessary” to configure an IP to the br interface?

This does not alter the actual network topology of the customer at the network configuration level?

Regards

0 Kudos
the_rock
Legend
Legend
‎2025-03-12 11:56 AM
In response to Matlu

Its not, see my screenshots.

Andy

0 Kudos
Matlu
Advisor
‎2025-03-12 12:08 PM
In response to the_rock

The documentation in step #6 instructs us to configure an IP on the bridge interface, and that is confusing.

The TAC also indicates that I have to configure an IP in the Bridge interface, really, it is very confusing.

Exactly what IP should be configured in this bridge interface, if what we want is to avoid changes in the current topology.

0 Kudos
the_rock
Legend
Legend
‎2025-03-12 01:50 PM
In response to Matlu

I know its confusing : (

I would verify with TAC, but what @Martin_Raska pointed out is indeed true.

Andy

the_rock
Legend
Legend
‎2025-03-12 07:01 PM
In response to Matlu

I will do some more R82 testing tomorrow for bridge mode.

Andy

Matlu
Advisor
‎2025-03-12 07:08 PM
In response to the_rock

It has already worked.
I have not configured any IP in the Interface bridge.
The 2 interfaces chosen are only part of the br1 and nothing else.
Our problem has been related to SecureXL.
The whole problem has been focused on this feature of the box.
Something totally crazy. 😵💫😱

the_rock
Legend
Legend
‎2025-03-12 07:17 PM
In response to Matlu

Yea, bit odd I would say as well.

Andy

0 Kudos
Martin_Raska
Advisor
Advisor
‎2025-03-13 01:04 AM
In response to the_rock

Thing is also what IP should be configured in BR interface, because in the limitations of the Bridge is that ADQ is the only supported method to get identities, hmm ok,

  • From which interface will run the GW that ADQ?
  • From which interface will run LDAP search?
  • BR with IP? Mgmt? any ideas?
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events