Trunking on Check Point SecurePlatform.
Trunking is a feature that passes the VLAN database between network devices. This mechanism is usually used between switches and routers or between switches.
Some of us may wonder how to configure trunking on Check Point devices that use the SPLAT operating system. This trunking configuration is needed when we lack switch devices and want the Check Point device to do the inter-VLAN routing.
In general, Check Point doesn’t refer to this as VLAN trunking, which is why you won’t see the term in their console, portal, or brochures. You will only see 802.1q support mentioned, which is the VLAN mechanism that is supported.
Below are the steps that will help us to configure VLAN trunking on Check Point SPLAT:
1. Go to the WebUI. Under the interfaces section, you can add a new VLAN interface; you will be asked for the VLAN ID, IP address, subnet mask, and the physical interface.
2. For example, we create VLANs 13, 20, 22, and 75 on the physical interface called LAN 3.
3. The resulting configuration will look like below:
4. Remember not to configure an IP address on the physical interface. In this example, don’t configure an IP address on the “LAN 3” interface.
5. The physical interface will be the trunking port automatically.
6. If you are not able to configure the VLANs via the WebUI, add them manually via the CLI by executing the command “sysconfig”. After executing sysconfig, follow the same steps as above.
7. Don’t forget to configure your switch to allow VLANs 13, 20, 22, and 75 on the port facing the Check Point firewall. In this example, we use a Cisco switch and the configuration looks like this:
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 13,20,22,75
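A way to check step 7 against the firewall side, as an added example that is not part of the original post: it parses a Cisco-style configuration and reports, per trunk port, which firewall VLANs the switch would drop and how many VLANs the trunk carries beyond the four created on LAN 3. The sample configuration, the second port, the function names, and the assumption that a trunk without an allowed list carries VLANs 1-4094 are all constructed for illustration.

```python
import re

# Constructed sample: the switch stanza from step 7 plus a hypothetical
# second trunk port that has no "allowed vlan" line at all.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 13,20,22,75
!
interface GigabitEthernet1/2
 switchport mode trunk
"""
FIREWALL_VLANS = {13, 20, 22, 75}  # VLAN interfaces created on "LAN 3"
ALL_VLANS = set(range(1, 4095))    # assumed default: trunk carries 1-4094

def expand(vlan_list):
    """Expand an IOS VLAN list such as '13,20-22,75' into a set of ints."""
    vlans = set()
    for part in (p.strip() for p in vlan_list.split(",") if p.strip()):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed_vlans(config):
    """Map each trunk-mode interface to the set of VLANs it carries."""
    trunks, name, is_trunk, allowed = {}, None, False, None
    for line in config.splitlines() + ["interface END"]:  # sentinel flushes last port
        line = line.strip()
        if line.startswith("interface "):
            if name and is_trunk:
                trunks[name] = ALL_VLANS if allowed is None else allowed
            name, is_trunk, allowed = line.split(None, 1)[1], False, None
        elif line == "switchport mode trunk":
            is_trunk = True
        else:  # only the plain list and "add" forms are handled here
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", line)
            if m:
                new = expand(m.group(2))
                allowed = (allowed or set()) | new if m.group(1) else new
    return trunks

def audit(config, expected):
    """Per trunk: firewall VLANs the switch would drop, and count of extras."""
    return {port: {"missing": sorted(expected - allowed),
                   "extra_count": len(allowed - expected)}
            for port, allowed in trunk_allowed_vlans(config).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, FIREWALL_VLANS))
```

A non-empty "missing" list means a VLAN interface on the firewall will never see traffic; a non-zero "extra_count" means the trunk delivers VLANs to the firewall port that have no interface defined there.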
We hope these steps help you configure trunking on Check Point SPLAT.
Pictures by Check Point forums and cwbestbuy