Infinity CHECK POINT 1100 Administration Manual page 66

Appliances centrally managed
Hide thumbs Also See for CHECK POINT 1100:
Table of Contents

Advertisement

To edit a physical interface:
Configure the fields in the tabs. Note that for the DMZ there is an additional tab Access Policy:
Configuration tab
Assigned to - Select the required option:
Unassigned - The physical interface is not part of any network and cannot be used.
One of the existing configured switches or bridges
Separate network - When selecting a separate network configure this information:
IP address
Subnet mask
DHCP Server settings
Select one of the options:
Enabled - Enter the IP address range and if necessary the IP address exclude range.
The appliance's own IP address is automatically excluded from this range. You can also
exclude or reserve specific IP addresses by defining network objects in the Users &
Objects > Network Objects page. Reserving specific IP addresses requires the MAC
address of the device.
Relay - Enter the DHCP server IP address.
Disabled
Note - When you create a switch, you cannot remove the first interface inside unless you delete
the switch.
Advanced tab
The options that are shown vary based on interface type and status. Configure the options that are
applicable:
Description - Enter an optional description. The description is shown in the local network table
next to the name.
MTU size - Configure the Maximum Transmission Unit size for an interface. Note that in the
Check Point Appliance, the value is global for all physical LAN and DMZ ports.
Disable auto negotiation - Select this option to manually configure the link speed of the
interface.
Override default MAC address – This option is for local networks except those on VLANs and
wireless networks. Use this option to override the default MAC address of the network's
interface, when the device has two separate local networks connected to the same external
switch.
Best Practice - This is a rare configuration. Do not select this option unless you are sure you
need it.
Note - This option is not supported in 1100 appliances.
Exclude from DNS proxy – Select this checkbox for any network that you do not want exposed
to internal domains. In guest VAPs (wireless network for guests), this is selected by default.
Access Policy tab (only for DMZ)
These options create automatic rules that are shown in the Access Policy > Firewall Policy page.
Allow access from this network to local networks
Log traffic from this network to local networks
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Appliance Configuration
|
66

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the CHECK POINT 1100 and is the answer not in the manual?

Table of Contents