Check Point UTM-1 Edge User Manual page 238

Overview
•
Transparent roaming
In a routed network, if a host is physically moved from one network area to another,
then the host must be configured with a new IP address. However, in a bridged
network, there is no need to reconfigure the host, and work can continue with minimal
interruption.
The UTM-1 appliance allows you to configure anti-spoofing for bridged network
segments. When anti-spoofing is configured for a segment, only IP addresses within a
specific IP address range can be sent from that network segment. For example, if you
configure anti-spoofing for the "Marketing" network segment, the following things
happens:
•
If a host with an IP address outside of the allowed IP address range tries to
connect from a port or VLAN that belongs to the "Marketing" network segment,
the connection will be blocked and logged as "Spoofed IP".
•
If a host with an IP address within the bridge IP address range tries to connect
from a port or VLAN that belongs to a network segment other than the
"Marketing" segment, the connection will be blocked and logged as "Spoofed
IP".
Note: The following UTM-1 models do not support using bridge mode with port-based
VLAN:
•
SBX166-LHGE-2
•
SBX166-LHGE-3
224 Check Point UTM-1 Edge User Guide