Facing trouble on internet circuit


(Vijay B) #1

Hello Everyone,
Hope you are all doing well.
I am looking for input to resolve an ongoing issue in my production network.
In my infrastructure the ISP Internet circuit is connected to a 3750 switch (access mode) and the Layer 3 connection is extended to a Checkpoint firewall. Two ports of the same switch are terminated on the Checkpoint firewall. The Checkpoint firewall interfaces are configured with VRRP.
As the Layer 3 interface is on the Checkpoint firewall, an IPsec tunnel is formed from our Checkpoint over the Internet circuit to a third-party ASA. Everything is working fine, but for the past few days we have been observing unwanted traffic from the Internet on the Checkpoint. My boss wants to block the traffic on the 3750 switch. In this setup the switch is only working as Layer 2; no Layer 3 interface is configured on it.

Kindly suggest an alternate option to block the traffic coming from the Internet on the switch to accomplish the task.


(Lazaros Agapides) #2

Hello Vijay

Without knowing more about your topology, I would say that you should attempt to block the unwanted traffic at the firewall itself. I am not familiar with Checkpoint; however, there should be mechanisms (access lists? stateful inspection) that will examine and drop the unwanted packets. After all, that's what a firewall does :) . You cannot selectively block traffic based on IP address and Layer 4 port at the 3750 switch since it is functioning only at Layer 2.

I hope this has been helpful!

Laz
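
Editor's added example (not part of the thread, and not from either poster): blocking at the Checkpoint remains the primary control, but a Catalyst 3750 can also apply an IP access list inbound on a Layer 2 port (a port ACL), so a known-bad source range can be dropped at the ISP handoff before it reaches the firewall. The interface, VLAN and all addresses below are placeholders, and the ACL explicitly preserves IKE and ESP from the third-party ASA so the IPsec tunnel keeps working.

```cisco
! Port ACL on the ISP-facing Layer 2 interface of a Catalyst 3750.
! Catalyst 3750 port ACLs filter inbound traffic only, which is the
! direction needed here (Internet -> switch -> Checkpoint).
!
! Placeholder addresses (replace with your own):
!   198.51.100.0/24 - unwanted source range seen in the Checkpoint logs
!   203.0.113.10    - public IP of the third-party ASA (IPsec peer)
!
ip access-list extended ISP-INGRESS
 remark keep the IPsec tunnel to the third-party ASA working (IKE, NAT-T, ESP)
 permit udp host 203.0.113.10 any eq isakmp
 permit udp host 203.0.113.10 any eq non500-isakmp
 permit esp host 203.0.113.10 any
 remark drop the unwanted source range before it reaches the firewall
 deny   ip 198.51.100.0 0.0.0.255 any
 remark everything else still goes to the Checkpoint for stateful inspection
 permit ip any any
!
interface GigabitEthernet1/0/1
 description ISP handoff (access port, Layer 2 only)
 switchport mode access
 switchport access vlan 10
 ip access-group ISP-INGRESS in
!
! Check that the deny entry is matching:
!   show access-lists ISP-INGRESS
```

Apply the ACL only to the ISP-facing port, not to the two ports towards the Checkpoint, so VRRP between the firewall interfaces is untouched.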