When I run zdebug I could not see any drop. Smartlog show just showing log of mgmt interface.
Why do you think it won't work with a single interface? After all, that's what LACP is for. Even with a single interface, LACP will ensure that packets pass through one line.
The key point here is whether Check Point interferes with L2 traffic. For example, if it can only recognize IPv4, IPv6, and ARP traffic but not all traffic types, then that might be a reason for LACP not to work. Otherwise, I don’t see why it shouldn’t work. We can discuss this further
May be following solution will be help me, what about think?
Allow / Drop Ethernet Frames with Specific Protocols
By default, Security Gateway in the Bridge mode allows Ethernet frames that carry protocols other than IPv4 (0x0800), IPv6 (0x86DD), or ARP (0x0806) protocols.
Starting in R77.10, administrators can configure a Security Gateway in the Bridge mode to accept or drop Ethernet frames that carry specific protocols.
Note: In a cluster environment, this procedure must be performed on all members of the cluster.
Which Ethernet frames should be allowed/dropped | Instructions |
Allow Ethernet frames only with IPv4, IPv6, and ARP protocols | - Add this line to the $FWDIR/boot/modules/fwkern.conf file (spaces are not allowed):
fwaccept_unknown_protocol=0
- Reboot the Security Gateway.
|
Allow Ethernet frames with any protocol (other than IPv4, IPv6, or ARP) (default) | - Add this line to the $FWDIR/boot/modules/fwkern.conf file (spaces are not allowed):
fwaccept_unknown_protocol=1
- Reboot the Security Gateway.
|