Hello Everyone,
Hope are all doing good.
I looking input to resolve the ongoing issue in my production network.
In my infrastructure ISP Internet circuit is connected on 3750 switch (access mode) and layer 3 connected extended to checkpoint firewall.Two ports of same switch is terminated on check point firewall.Check point firewall interface are configured on VRRP.
As layer 3 interface is on checkpoint firewall,Ipsec tunnel is formed our check point over internet circuit to third party ASA.everything is working fine but since fews days observing unwanted traffic from internet on check point.My boss want to block the traffic on 3750 switch.In this setup switch is only working as layer 2.Layer 3 interface is not configured on it.
Kindly suggestion an alternate option to block the traffic coming from internet on switch to accomplish the task.