Scenario 3 - Destination Host is in Different VLAN, Exists, and is SVI 10 UP
We have the same implementation and the checkpoint firewall drops the request as spoofed or out of state . (The guest vlan and management are in different subnets). If we create an SVI of guest vlan everything works fine but we cannot create it in all the enterprise switches . Do you know any other workaround (we can disable inpection in firewall but not antispoofing) .