Number of subnets Checkpoint supports

[dav_y2k]

Hi all,

Please I'd like to know the total number of subnets Checkpoint NGX R65 (and SecurePlatform as well) supports on both Windows and Unix like platform. Does this depends on the number of interfaces each Hardware platform supports? I know the Windows hardware supports 32 interfaces.

thanks in advance

[dav_y2k]

Hi all,
I have another question which is, I have a network as shown in the diagram attached. This is the scenario, I have a checkpoint NGX R60 (which will be upgraded to NGX R65, the third-party network was formerly connected directly to the private LAN using an old router. I would like to connect this third-party network (which are separate subnets) to the firewall I would like to know:
1) Do I need to configure a vlan, if so do I need to add a layer 3 switch before the firewall?
2) would I need to configure NAT/static routes on the Checkpoint firewall?
3) I would also like to add a separate server for a schedule backup using veritas, is there any security concerns?
Any advice/input is welcomed or links to tutorials.

Thanks in advance.

[MarioL]

If they are separate entities you should keep them apart, using vlans or even separate interfaces. If it's the same entity you can use subinterfaces on the firewall, one for each network and that will work. Mind to put all 3 networks on the anti-spoofing though.

[dav_y2k]

Thanks MarioL. Some of the entities are separate. and if I want to create vlans does checkpoint support inter-vlan communication or do I need a layer 3 switch (if so where do I place it)?

[chillyjim]

Quote:

Originally Posted by dav_y2k

Thanks MarioL. Some of the entities are separate. and if I want to create vlans does checkpoint support inter-vlan communication or do I need a layer 3 switch (if so where do I place it)?

If you want the FW to inspect the traffic, then you do not want to use the routing features of a layer 3 switch and let the FW route the traffic.

Remember in its normal configuration a Check Point Firewall gateway is a router.

[dav_y2k]

Thanks Chillyjim,
what do I need to configure virtual interfaces on the firewall (if so please could you kindly give me a link as to how to do this) or what do I need to do on the firewall?