This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dahlinkj
Contributor
‎2022-06-18 01:35 PM
Jump to solution

Permitting internet on multiple networks

I have two vlans on my network, vlan 2 of 10.201.0.0/16 and vlan 3 of 10.50.0.0/24, however, traffic on vlan 2 on which the LAN (eth0) interface is directly connected to can access internet and vlan 3 which is added to (eth0) as an alias with the IP address on the 10.50.0.0/24 network is not accessing internet.

 

From the vlan 3 network, on the checkpoint, I cannot ping any client machine on the same network, however from the switch directly connected to the checkpoint firewall can ping the firewall and from firewall and computers on vlan 2 can ping each other.

 

I have permitted/accepted all traffic on both networks on 10.201.0.0/16 and 10.50.0.0/24 to  any/internet. but when I ping 8.8.8.8 from a computer on vlan 3, I get an error of "address spoofing". see the image of the error log attached .

I will appreciate your support on this.

 

Preview file
174 KB
0 Kudos
1 Solution

Accepted Solutions
dahlinkj
Contributor
‎2022-06-19 01:34 PM
In response to Sorin_Gogean
Jump to solution

Thanks Sorin, you gave me a hint and later on the error : address spoofing , was able to resolve it by disabling the spoofing option on the networks. 

View solution in original post

0 Kudos
6 Replies
genisis__
MVP Silver
MVP Silver
‎2022-06-18 01:39 PM
Jump to solution

why do you have an alias?

If two vlans are connected to the same physical interface then it should be two logical interfaces connected to a trunk. So when you do a topo update it should only see (as an example)  eth0.2 & eth0.3.

 

0 Kudos
dahlinkj
Contributor
‎2022-06-18 01:46 PM
In response to genisis__
Jump to solution

Hello genisis

Thanks for a prompt response, actually I would appreciate if you can share with me a tutorial on how to configure vlans or two logical interfaces on one interface connected to a trunk. I did configure an alias because I didn't know exactly what to do. 

much appreciated for your guide.

0 Kudos
Sorin_Gogean
Advisor
‎2022-06-18 02:11 PM
In response to dahlinkj
Jump to solution

Have a look on this and you should get the ideea how things are done.

Also some youtube videos, you can start from there.

 

Roughly, you get 2 or more interfaces in a bond, and on the bond you define the Vlans(sub-interfaces) .

 

Ty,

0 Kudos
dahlinkj
Contributor
‎2022-06-19 01:34 PM
In response to Sorin_Gogean
Jump to solution

Thanks Sorin, you gave me a hint and later on the error : address spoofing , was able to resolve it by disabling the spoofing option on the networks. 

0 Kudos
Sorin_Gogean
Advisor
‎2022-06-19 11:24 PM
In response to dahlinkj
Jump to solution

hello @dahlinkj ,

 

glad to be of help, still disabling Spoofing is not a GOOD option....

I would look into making Spoofing groups that we attach to the interfaces, and we manage that; or look into define the spoofing based on routing.

disabling Spoofing is not OK...

 

thank you,

0 Kudos
dahlinkj
Contributor
‎2022-06-19 11:46 PM
In response to Sorin_Gogean
Jump to solution

@Sorin 

I will appreciate  if you can share any info on this , best practice . 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events