Re: [fw-wiz] CP FW1 802.1q

From: Scott Walker Register (scott.register@us.checkpoint.com)
Date: 07/17/02


From: Scott Walker Register <scott.register@us.checkpoint.com>
To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>, Siebenkaes Stefan <Stefan.Siebenkaes@itellium.com>
Date: Wed Jul 17 17:02:01 2002

FYI...

Nokia:
VLANs are supported on FW-1/Nokia on IPSO 3.5 or later and FW-1 NG FP2 or later.
This combination supports up to 64 VLAN interfaces. There is a hotfix available
from Nokia or Check Point support which will raise this limit to 256 interfaces,
and this limit will be further raised in future releases.

Solaris:
We support VLANs on Solaris 8 (64-bit) with NG FP1 or later. We've tested the
Sun GigaSwift and SysKonnect SK-98xx interfaces.

Windows:
Intel VLANs are supported on NT 4.0 SP6a (not Win2k) under NG FP1.

Linux:
Check Point's SecurePlatform and specific Linux-based appliances support VLANs, but
prior to Red Hat 7.3 the only way to get VLAN support was to get the Ben Greear drivers
and compile the kernel yourself, and CP doesn't support end-user-compiled kernels. RH7.3
has VLAN support and NG FP3 will support RH7.3 and Linux VLANs.

-SwR

------------------------
  From: m p <sumirati@yahoo.de>
  Subject: Re: [fw-wiz] CP FW1 802.1q
  Date: Tue, 16 Jul 2002 14:58:28 +0200 (CEST)
  To: Siebenkaes Stefan <Stefan.Siebenkaes@itellium.com>, "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>

> --- Siebenkaes Stefan <Stefan.Siebenkaes@itellium.com> wrote:
> > Hello,
> >
> > can I run 802.1q natively on a Checkpoint/Nokia? Can
> > this combination tag vlans?
> > Nobody was really sure...
> >
> > Any hints appreciated!
> >
> > Stefan
> >
> >
>
> Please take a look at:
>
> http://www.phoneboy.com/wizards/200009/msg00179.html
>
> As for Solaris: It seems that since Solaris 6 7/01 VLANs are supported.
>
> But (as mentioned often at the firewall-1 wizards mailing list):
> VLANs are NOT good from a security point of view.
> Please see:
> http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
>
> Hope that helps
>
> Marc

---------------End of Original Message-----------------

----------------------------------------------------------------
Scott.Register@us.CheckPoint.com || FireWall-1 Product Manager
               Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 07/17/02 16:42:48
----------------------------------------------------------------


