You don't need a layer 3 device to make this work. You can create the VLANs on the switch but only have 1 management VLAN with an IP address on the switch. If you wanted more than 1 IP on the switch then you will need to get a layer 3 device. You don't need more than 1 IP in this scenario however.
You can create sub-interfaces on the physical interface on the checkpoint box. On those sub-interfaces you will need to input the IP address (VLAN gateway address), subnet mask and interface number. The physical interface will automatically use 802.1Q to trunk all of your sub-interfaces (VLANs).
You will need to create the VLANs on the switch also, and I suspect you will want to create a VLAN interface (SVI) on the switch so you can manage it.
Create a dot1q trunk on the uplink to the checkpoint box.
You will also need to stipulate the particular VLAN for each port on the switch.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...