Hi. I've got the opportunity to replace an old existing appliance cluster with another new appliance cluster (way faster hardware). The old cluster has a configuration that looks like this:
fw1
bond1 on switch 1 -> internal vlans, cluster sync vlans
bond2 on switch 1 -> external vlans/interfaces
fw2
bond1 on switch 2 -> internal vlans, cluster sync vlans
bond2 on switch 2 -> external vlans/interfaces
Performance has been fine and we don't come close to saturating a gig. The load on this cluster is low and the projected growth of the traffic in the next few years is low as well. Anyone have suggestions on a different design or am I good?
Different design would depend partly on the switch capabilities, are they fully independent or clustered / stacked in some way?
Most importantly it comes down to requirements... maybe Sync / DMZ on separate ports etc but would depend on hardware constraints.
It's a modern switch stack. If there aren't any issues with how the old cluster is configured I guess I'll continue to do the same thing.
Do you want things deterministic, i.e. switch 1 fails then firewall 1 fails?
Otherwise some might mesh the bond slaves to try and protect against switch failure.
So long as you are using multiple bonds in a cluster, I'd recommend keeping Sync on a separate one, if there are ports available on a switch stack to accommodate it. That said, I am prone to over-engineering for redundancy to cover even for low-probability events.
Fully agree, also our preferred setup:
fw1
bond1 on switch 1 -> internal vlans
bond2 on switch 1 -> external vlans/interfaces
bond3 -> cluster sync vlan
fw2
bond1 on switch 2 -> internal vlans
bond2 on switch 2 -> external vlans/interfaces
bond3 -> cluster sync vlan
Best regards