Re: VLAN in CheckPoint FW1 Secure Platform

Bill,
 I can see where this would apply only if you were using a NIC on your
firewall as a trunk of some type and passing the vlans out tagged to a
switch or router where you'd then split the traffic up on the other end and
send it to the appropriate destination. If you're using the 2 DMZ example,
you had one tagged vlan 8 and the other tagged vlan 9, the interface would
route traffic appropriately to each vlan on that trunk through the
designated NIC. In this case you'd have to have a NIC that supports vlan
tagging however.
Don't know if this helps or not,
 Mike
  >Hi Sin,
> Thanks for reply. But it sounds like a multihome IPs
> to me.
> Having a single network card with multiple IPs.
>
> What good does VLAN do in here?
>
> Cheers,
>
> Bill
>
> --- sin <sin@pvs.ro> wrote:

> Bill Smith wrote:
> > Hi folks,
> >
> >
> >
> > I do understand about VLAN in the switches
> environment, but a bit
> > confused about VLAN in SPLAT.
> >
> > Can anyone explain, what exactly VLAN is used for
> in SPLAT and give me
> > an example.
>
> VLAN in SPLAT is done by the underlying OS (mainly
> using vconfig and
> 8021q kernel module).
>
> an example of using VLANs in SPLAT would be to have
> let's say different
> DMZ zones wihout having to have a physical interface
> in the firewall for
> each zone.
>
> be aware that if you want to use VLANs in SPLAT for
> NG-AI R55 you have
> to assing an IP address to the physical interface
> you wish to attach
> VLAN subinterfaces to (if you don't do that,
> sysconfig won't let you
> create VLAN interfaces).
>
>
> sin
<firewalls@securityfocus.com>