Intervlan
Hi to all,
On my cp730 firewall I created some VLANs, for example 201, 202, 203, etc.
I need to configure VLAN 202 so that it only sees itself and cannot see the other VLANs.
Can you suggest me a way?
Thank you and best regards,
Gaetano
How could that be? VLAN is used to separate Ethernet packets coming from the same IP/IF by tagging. Switches see the VLAN tags, but a VLAN can really see nothing...
Hi to all and thank you for the feedback.
I will try to explain the problem better.
- I configured LAN3 on the firewall as a network, assigning it IP 192.168.201.254 and enabling DHCP;
- On LAN3 I created two VLANs, the first 202 (192.168.202.254, DHCP enabled) and the second 203 (192.168.203.254, DHCP enabled).
- A PoE switch is connected to this LAN and correctly takes an IP from the firewall, for example 192.168.201.1. Obviously, the port that connects to the firewall was tagged on the switch.
- I connected two access points to ports 1 and 2 (tagged) of the switch; the two access points also take an IP from the firewall, for example 192.168.201.2 and 192.168.201.3.
- On each access point I configured two SSIDs. I assigned VLAN 202 to the first (WiFi-Mag) and VLAN 203 to the second (WiFi-Guest).
- I connect successfully from a notebook or a mobile to each WiFi network. The IPs assigned to the mobile devices are respectively 192.168.202.xxx or 192.168.203.xxx.
- The same VLANs are configured on the switch.
And this is where the problem comes in.
It's all right for VLAN 202, but I need WiFi-Guest 203 to have access only to the Internet and not to the corporate network formed by 202 and the other VLANs configured on ports 1 and 2 of the firewall.
I hope I have been clearer and that someone can give me some indications.
Thank you and best regards,
Gaetano
I do not understand the question - if 192.168.203.xxx is not allowed to connect to the internal networks, why not make a rule to drop that traffic? This is a firewall, after all 😎...
Hi Albrecht,
This is exactly the point.
I am unfamiliar with this firewall (I have only recently started with Check Point) and I am asking for help to understand where and how to create this rule.
Otherwise, where can I find a tutorial that will help me?
Gaetano
https://community.checkpoint.com/t5/How-To-Videos/bd-p/howto
Just make one thing very clear, a firewall will only allow traffic that you tell it to allow.
Thanks for the feedback, I will watch the videos, which will surely help me.
As this is a community, I provide the solution sent to me by Check Point's technical assistance.
It could help other friends.
From the Policy rules, in the "Incoming, internal and VPN" section, create a rule with:
- Source: the VLAN that has access only to the Internet
- Destination: LAN network
- Action: Block
That's all, very very simple. 😀
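A first-match rulebase check for the rule described in this thread, as an added illustration in Python (not Check Point's own implementation or configuration): it models the guest block rule above a broad outbound allow over the thread's 201/202/203 networks, and shows that placing the block below the allow lets guests reach the LAN. Rule names and sample host addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Networks from the thread: LAN3 (where the switch and APs live) and its two VLANs.
# Only the guest VLAN (203) is to be restricted to the Internet.
LAN3 = ip_network("192.168.201.0/24")
VLAN_CORP = ip_network("192.168.202.0/24")
VLAN_GUEST = ip_network("192.168.203.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple
    destinations: tuple
    action: str  # "Accept" or "Block"

    def matches(self, src, dst):
        return any(src in n for n in self.sources) and any(dst in n for n in self.destinations)


# The rule from the answer (Source: guest VLAN, Destination: LAN networks, Action: Block),
# placed above a permissive outbound rule. Rule names are constructed.
POLICY = [
    Rule("Guest to LAN", (VLAN_GUEST,), (LAN3, VLAN_CORP), "Block"),
    Rule("Outbound to Internet", (LAN3, VLAN_CORP, VLAN_GUEST), (ANY,), "Accept"),
]


def evaluate(policy, src_ip, dst_ip):
    """Top-down, first-match evaluation: the first rule whose source and destination
    both match decides. Traffic matching no rule falls to an implicit Block."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in policy:
        if rule.matches(src, dst):
            return rule.action, rule.name
    return "Block", "implicit cleanup"


def audit(policy):
    """Constructed sample flows: a guest laptop to a corporate host, to the PoE switch
    on LAN3, and to a public DNS server; a corporate host to the guest VLAN."""
    flows = [
        ("192.168.203.10", "192.168.202.20"),  # guest -> corporate VLAN: must be blocked
        ("192.168.203.10", "192.168.201.1"),   # guest -> switch management on LAN3: must be blocked
        ("192.168.203.10", "8.8.8.8"),         # guest -> Internet: allowed
        ("192.168.202.20", "192.168.203.10"),  # corporate -> guest: not restricted here
    ]
    return {(s, d): evaluate(policy, s, d) for s, d in flows}


def misordered_policy():
    """The same two rules with Block below the broad Accept: the Accept matches every
    guest flow first, so the block never fires. Rule order decides the outcome."""
    return list(reversed(POLICY))
```

Including LAN3 in the block rule's destination matters: the switch and access points take addresses there, so a destination of only VLAN 202 would still leave the management network reachable from the guest SSID.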
Why not just read the documentation that explains this and much, much more? CP_R77.20.80_1100_1200R_1400_Appliance_LocalAdminGuide