Accept, or Drop Ethernet Frames with Specific Protocols
|
|
Important:
|
By default, a Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., a Cluster, or a Scalable Platform Security Group in Bridge mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. allows Ethernet frames that carry protocols other than IPv4 (0x0800), IPv6 (0x86DD), or ARP (0x0806) protocols.
Administrator can configure a Security Gateway, a Cluster, or a Scalable Platform Security Group in Bridge Mode to either accept, or drop Ethernet frames that carry specific protocols.
When Access Mode VLAN (VLAN translation) is configured, BPDU frames can arrive with the wrong VLAN number to the switch ports through the Bridge interface. This mismatch can cause the switch ports to enter blocking mode.
In Active/Standby Bridge Mode only, you can disable BPDU forwarding to avoid such blocking mode:
|
Step |
Instructions |
|||
|---|---|---|---|---|
|
1 |
Connect to the command line on the Security Gateway, each Cluster Member |
|||
|
2 |
Log in to the Expert mode. |
|||
|
3 |
Backup the current
|
|||
|
4 |
Edit the current
|
|||
|
5 |
After the line:
Add this line:
|
|||
|
6 |
Save the changes in the file and exit the Vi editor. |
|||
|
7 |
On the Scalable Platform Security Group: Copy the modified file to other Security Group Members:
|
|||
|
8 |
Reboot.
|
|||
|
9 |
Make sure the new configuration is loaded:
The output must show:
|