[jeremiahnz]

Hi all,

We have a customer with a VLAN and subnet behind our checkpoint firewalls (VPN-1 Pro Gateway NGX R60_2 in HA mode). They have now outgrown their assigned subnet and want another. For billing purposes and preservation of VLAN's (we run a reasonably large internal network), we want to just put the secondary subnet on the same VLAN as they are currently using.

I have logged onto the firewalls and configured a secondary IP address for the VLAN, however, in Smartdashboard I am unable to retrieve the topology for the secondary interfaces, and therefore cannot add the cluster interface. I have read in other posts that this is the expected behavior. Therefore my questions is, how do I add the cluster address for the secondary interface?

I also understand that I will come up against some anti spoofing issues in this configuration. Currently our anti spoofing is based upon topology. I would rather not manually define every network behind the firewall. Is there any way of achieving what I want?