If you would like to demonstrate Check Point products to your customers, or run trials in a production environment without the risk of breaking something, a span port can be handy.
This post is not about how to set up a span port on your network switch; it is about the proper configuration of your Check Point box.
To simplify things, let's assume you are running a standalone installation (quite useful for new product trials). You need two physical network interfaces: one for management and GUI connections, the other to connect to the mirror port.
When installing the box, you need to assign an IP address to the MGMT interface. Leave the second NIC unnumbered.
Once you have installed Check Point products on the box, you have to prepare the second NIC for span port connectivity. To do that, go to sysconfig / network configurations / configure connection and choose "Define as connected to a mirror port".
This setting will create a new bridge interface with your second NIC in it.
If you are running GAIA EA (as I am as we speak), sysconfig is disabled there. Go to the GAIA WebUI instead: enable the second NIC, create a new bridge manually, then add the NIC to it.
That is all for the OS-related configuration; the rest is done in the SmartDashboard GUI.
When defining the topology of your FW, set up the MGMT interface as external, but disable anti-spoofing. The second, unnumbered interface should have "undefined" topology.
Install the policy and enable the features you want to test. Now you are good to go.
Just one more tip: if you want good visibility into the security situation of your internal network, define the span port for the internal, not the external, interface of your actual production FW.