https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227268#M43701 <P>Hello, I have one doubt about VSX and the internal VLAN used on Virtual Switches for interconnecting VSX clusters: I thought it only need to exist inside the virtual system, but taking into account that it is monitored by CCP:</P><P><A href="https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/150950" target="_blank">https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/150950</A></P><P>I suppose CCP packets are being send from one appliance to the other also for this internal VLAN and, in this case, we need to connect by some way (by physical wire or physical switch) this VLAN on one of the appliance with this same vlan in the oher appliance. could someone please confirm this?</P><P>Best regards</P> Thu, 19 Sep 2024 16:33:49 GMT Diego_dg 2024-09-19T16:33:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227268#M43701 <P>Hello, I have one doubt about VSX and the internal VLAN used on Virtual Switches for interconnecting VSX clusters: I thought it only need to exist inside the virtual system, but taking into account that it is monitored by CCP:</P><P><A href="https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/150950" target="_blank">https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/150950</A></P><P>I suppose CCP packets are being send from one appliance to the other also for this internal VLAN and, in this case, we need to connect by some way (by physical wire or physical switch) this VLAN on one of the appliance with this same vlan in the oher appliance. could someone please confirm this?</P><P>Best regards</P> Thu, 19 Sep 2024 16:33:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227268#M43701 Diego_dg 2024-09-19T16:33:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227301#M43706 <P>Individual Virtual Systems can be active on different cluster members so for communication via a vswitch to work between VS the vlan needs to be present in the adjacent network fabric, sync interfaces aren't used for this traffic flow.</P> <P>Are you certain you need a virtual switch in your scenario, over the journey we've seen many deployments that have had unnecessary virtual routers or virtual switches.</P> <P>&nbsp;</P> Thu, 19 Sep 2024 23:49:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227301#M43706 Chris_Atkinson 2024-09-19T23:49:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227321#M43717 <P>Thanks, for your help, we will review our scenario according to you recomendations. We configured the virtual switches without configuring the VLAN on the adjacent network fabric and everyting works but the clusters are in state Active Attention/DOWN because CCP packets are not received on the warp interfaces, so I think this is the expected behaviour if the VLAN is not present on the&nbsp;<SPAN>adjacent network fabric, we will fix this as suggested. Thanks!</SPAN></P> Fri, 20 Sep 2024 05:37:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/interconnection-of-both-cluster-members-though-Internal-VLAN/m-p/227321#M43717 Diego_dg 2024-09-20T05:37:20Z