Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Working with Bridge Mode

Check Point security devices support bridge interfaces that implement native, Layer-2 bridging. Bridge interfaces let network administrators deploy security devices in an existing topology without reconfiguring the IP routing scheme. This is an important advantage for large-scale, complex environments.

Configure Ethernet interfaces (including aggregated interfaces) on your Check Point security device to work like ports on a physical bridge. The interfaces then send traffic with Layer-2 addressing. You can configure some interfaces as bridge interfaces, while other interfaces on the same device work as Layer-3 devices. Traffic between bridge interfaces is inspected at Layer-2.

  • Bridge Mode is only supported with 2 interfaces.
  • BPDU forwarding is not supported with VLAN tagging. For more information, see Disabling BPDU Forwarding.
  • The 61000/41000 Security System does not support the Spanning Tree Protocol (STP) on configured bridges. The bridge interfaces forward Switch BPDU frames.
  • For UserCheck to work properly, the Bridge Group must use an IP on the same subnet as clients or routers that connect to the 61000/41000 Security System.

Related Topics

Working with Chassis High Availability in Bridge Mode
 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print