Routing and Bridge Interfaces

Security Gateways with a Bridge interface can support Layer 3 routing over non-bridged interfaces.

If you configure a Bridge interface with an IP address on a Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., the Bridge interface functions as a regular Layer 3 interface.

The Bridge interface participates in IP routing decisions on the Security Group and supports Layer 3 routing.

• Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. deployments do not support this configuration.

• You cannot configure the Bridge interface to be the nexthop gateway for a route.

• A Security Group can support multiple Bridge interfaces, but only one Bridge interface can have an IP address.

• A Security Group cannot filter or transmit packets that it inspected before on a Bridge interface (to avoid double-inspection).