This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2025-04-05 04:45 PM
Jump to solution

Traffic Tagged

Hi, Mates.

Do Check Point devices support MPLS labeled traffic?

I have a need to be able to perform filtering on some network segments, but the detail is that these segments are labeled as they are part of an L3 VPN MPLS environment.

Our box is in an MPLS network, specifically in the middle of 2 Routers part of an MPLS network (1 P, and 1PE), and the traffic that is intended to be filtered for example segments like 110.130.x.x/24, are segments that are labeled in the network.

Our box is in the middle of the Routers working as if it were a SW (Mode Bridge), with the objective of performing access control to applications and websites.

Is it possible for CP to control MPLS labeled traffic?

Thanks for your comments.

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2025-04-05 05:23 PM
Jump to solution

Check Point does not support MPLS tagged traffic.

You'd need to break out the traffic for inspection.

CCSM R77/R80/ELITE

View solution in original post

6 Replies
Chris_Atkinson
Employee Employee
Employee
‎2025-04-05 05:23 PM
Jump to solution

Check Point does not support MPLS tagged traffic.

You'd need to break out the traffic for inspection.

CCSM R77/R80/ELITE
Matlu
Advisor
‎2025-04-05 05:29 PM
In response to Chris_Atkinson
Jump to solution

Is there any official documentation that talks about this?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2025-04-05 06:46 PM
In response to Matlu
Jump to solution

MPLS is not listed on the datasheet if that's what you are asking.

Otherwise its a case of needing the traffic to arrive to and traverse the Firewall in a manner / format we can inspect.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2025-04-06 06:42 AM
Jump to solution

Hey bro,

I could not find any official doc about it, but below is what AI Copilot gave me.

Andy

Yes, Check Point supports MPLS tagged traffic. In some network topologies, a clear-text MPLS link (encryption is not required) is deployed in addition to an encrypted Internet link between Check Point VPN Gateways. Customers can configure certain services to be routed through the MPLS link in clear-text, while other services are forwarded encrypted through the Internet link.

For more detailed information, you can refer to the article on how to create a redundant, service-based MPLS/Encrypted Link VPN here.

Learn more:
  1. sk56384 - How To Create a Redundant, Service-based MPLS/Encrypted Link VPN
  2. sk160512 - Is mLACP protocol supported with Check Point products?
  3. sk119314 - Long-Term Evolution (LTE) - FAQ
  4. sk106741 - Traffic with multiple VLAN tags on a packet does not pass through Check Point Security Ga...
  5. sk42943 - Check Point support for Data Link Switching (DLSw) protocol
  6. sk110096 - "Invalid number: 1. Not in range 2..4094" error when configuring VLAN in Gaia Clish
  7. sk41961 - Does Check Point Anti-Spam and Email Security quarantine messages?
  8. sk167215 - What does Check Point PRO suppo
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2025-04-06 03:01 PM
In response to the_rock
Jump to solution

This is not correct in the stated context.

MPLS as a telco would operate over their backbone is different than the end carriage service consumers might commonly refer to as MPLS.

CCSM R77/R80/ELITE
the_rock
Legend
Legend
‎2025-04-06 03:16 PM
In response to Chris_Atkinson
Jump to solution

Thats fair Chris!

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events