The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: How Many Interfaces does IPSO and FireWall-1 Support?

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


FireWall-1 NG FP2 and previous on IPSO supports 64 interfaces. However, each IP associated with the platform might get associated with the "interface" slot, depending on how old a version you are running.

In NG FP2 with the VLAN hotfix, this limit was raised to 256 interfaces, and FireWall-1 was a little more intellegent about how it allocates interfaces to IP addresses. In NG FP3 and above, FireWall-1's limit is 1024. However, IPSO versions prior to 3.7 only support 256 interfaces. In IPSO 3.7, 1024 interfaces will be supported.

Note that each "VLAN" is counted as a seperate interface.

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.