Scenario 3 - Destination Host is in Different VLAN, Exists, and is SVI 10 UP
We have the same implementation, and the Checkpoint firewall drops the request as spoofed or out of state. (The guest VLAN and management are in different subnets.) If we create an SVI of the guest VLAN everything works fine, but we cannot create it in all the enterprise switches. Do you know any other workaround? (We can disable inspection in the firewall but not antispoofing.)
I think you should enable the TCP state bypass on the Checkpoint firewall to resolve this issue.