Bridge Interfaces

Configure interfaces as a bridge to deploy security devices in a topology without reconfiguration of the IP routing scheme. This is an important advantage for large-scale, complex environments.

Bridge interfaces connect two different interfaces (bridge ports). Bridging two interfaces causes every Ethernet frame that is received on one bridge port to be transmitted to the other port. Thus, the two bridge ports participate in the same Broadcast domain (different from router port behavior). The security policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. inspects every Ethernet frame that passes through the bridge.

Important - Only two interfaces can be connected by one Bridge interface, creating a virtual two-port switch. Each port can be a physical, VLAN, or bond device.

You can configure bridge mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. with one Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or with a Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.. The bridge functions without an assigned IP address. Bridged Ethernet interfaces (including aggregated interfaces) to work like ports on a physical bridge. You can configure the topology for the bridge ports in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.. A separate network or group object represents the networks or subnets that connect to each port.

Notes:

Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. OS supports bridge interfaces that implement native, Layer 2 bridging.
Gaia OS does not support Spanning Tree Protocol (STP) bridges.
A subordinate interface that is a part of a bond interface cannot be a part of a bridge interface.

The bridge interfaces send traffic with Layer 2 addressing. On the same device, you can configure some interfaces as bridge interfaces, while other interfaces work as Layer 3 interfaces. Traffic between bridge interfaces is inspected at Layer 2. Traffic between two Layer 3 interfaces, or between a bridge interface and a Layer 3 interface is inspected at Layer 3.