Infinity CHECK POINT 1100 Administration Manual page 64

5. In DHCP Server:
Select one of the options:
• Enabled - Enter the IP address range and if necessary the IP address exclude range. The
appliance's own IP address is automatically excluded from this range. You can also exclude or
reserve specified IP addresses if you define network objects in the Users & Objects > Network
Objects page. To reserve specified IP addresses, you must have the device MAC address.
• Relay - Enter the DHCP server IP address.
• Disabled
IPv6 Auto Assignment for IPv6 configurations:
• SLAAC (Stateless Address Autoconfiguration) - The host selects its own full IPv6 address
after it receives the IPv6 address prefix from the gateway. The appliance cannot reserve an
IPv6 address for a specific host (Mac Address).
Note - The common use case is a prefix length of 64. If you change it from 64, make sure the
internal hosts support the new length.
• DHCPv6 Server - Same as the DHCPv4. You can reserve an IP address for a specified host.
• DHCPv6 Server Relay - Same as in IPv4.
• Disabled (Static)
Monitor Mode
Security Gateways can monitor traffic from a Mirror Port or Span Port on a switch.
With Monitor Mode, the appliance uses Automatic Learning or user-defined networks to identify
internal and external traffic, and to enforce policy.
Automatic Learning - The appliance automatically recognizes external networks by identifying the
default gateway's network from requests to the Internet (specifically, requests to Google). The
rest of the networks are considered internal.
User-Defined Networks - You can manually define internal networks. If a network is not defined
as internal, it is considered external.
In both Automatic Learning and user-defined networks:
• Traffic to internal hosts is inspected by the Incoming/Internal/VPN Rule Base.
• Traffic to external hosts is inspected by the Outgoing Rule Base.
• Threat prevention's default configuration is optimized to inspect suspicious traffic from
external hosts to internal hosts.
To configure monitor mode in the WebUI:
1. Go to Device > Local Network.
2. Select an interface and double-click.
The Edit window opens in the Configuration tab.
3. In the Assigned To drop-down menu, select Monitor Mode.
The Manually define internal networks checkbox shows.
4. To use Automatic Learning, do not select Manually define internal networks and click Apply.
5. To use your own network definitions, select Manually define internal networks.
The network definition features and table show.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Appliance Configuration
| 64