Deploying a Single Security Gateway or ClusterXL in Bridge Mode
Introduction to Bridge Mode
If you cannot divide the existing network into several networks with different IP addresses, you can install a Check Point Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. (or a ClusterXL) in the Bridge Mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology..
A Security Gateway (or ClusterXL) in Bridge Mode is invisible to Layer 3 traffic.
When traffic arrives at one of the bridge subordinate interfaces, the Security Gateway (or Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members) inspects it and passes it to the second bridge subordinate interface.
Example Topology for a single Security Gateway in Bridge Mode
|
Item |
Description |
|---|---|
|
1 |
Network, which an administrator needs to divide into two Layer 2 segments. The Security Gateway in Bridge Mode connects between these segments. |
|
2 |
First network segment. |
|
3 |
Switch that connects the first network segment to one bridged subordinate interface (4) on the Security Gateway in Bridge Mode. |
|
4 |
One bridged subordinate interface (for example, |
|
5 |
Security Gateway in Bridge Mode. |
|
6 |
Another bridged subordinate interface (for example, |
|
7 |
Dedicated Gaia |
|
8 |
Switch that connects the second network segment to the other bridged subordinate interface (6) on the Security Gateway in Bridge Mode. |
|
9 |
Second network segment. |
For More About Bridge Mode
See the R80.40 Installation and Upgrade Guide > Chapter Special Scenarios for Security Gateways > Section Deploying a Security Gateway or a ClusterXL in Bridge Mode.