This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Herman_Vermeule
Explorer
‎2018-09-14 01:06 AM

Bridge Mode implementation on R80.10 Physical Gateway

On R80.10 can I create two Bridge Interfaces (For example Eth1-01 and Eth1-02 one Bridge, Eth3-01 and Eth3-02 Second Bridge) on a Physical Gateway? The Gateway is installed with 10Gb Bypass (Fail-Open) Cards but the Fail-open cards is not supported with Bond Interfaces (According to SK85560). The client have a requirement for an "inline" Bridge Mode IPS (No Firewall functionality - IPS only) inline in two 10Gb Fibers which are Port Channeled together. 

Without the Bypass cards I would have Bonded the Interfaces and then created a Bridge with the Bond Interfaces. However due to the limitation if the Bypass cards are used, I'm wondering if I can create two Bridge Interfaces and then just place the device inline in the Port Channel between the two Cisco devices.

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2018-09-14 07:07 AM

If you want to use etherchannel for redundancy, you have to configure bonded interfaces on CheckPoint before assigning them to the bridge. creating two bridges and putting them onto etherchannel on Cisco will not work

0 Kudos
Herman_Vermeule
Explorer
‎2018-09-14 11:27 AM
In response to _Val_

Unfortunately the client requested Bypass Cards to be used. One of the Limitations of Bypass cards are that Bonded Interfaces are NOT supported. (According to SK85560)

 

I also logged a TAC case and the answer was the same : You cannot use Bypass Cards and Bonded Interfaces together. Apparently when the cards go into BYPASS it will/could cause a ACK STORM. Therefore Checkpoint does not support it.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-09-14 08:34 AM

In bridge mode the 2 interfaces would become just that, a layer 2 bridge. You could try to use eth1-01 and eth3-01 in one bridge and the other two in the other bridge and bond the eth1-01 and eth3-01 together?

Regards, Maarten
0 Kudos
Herman_Vermeule
Explorer
‎2018-09-14 11:28 AM

Unfortunately the client requested Bypass Cards to be used. One of the Limitations of Bypass cards are that Bonded Interfaces are NOT supported. (According to SK85560)

 

I also logged a TAC case and the answer was the same : You cannot use Bypass Cards and Bonded Interfaces together. Apparently when the cards go into BYPASS it will/could cause a ACK STORM. Therefore Checkpoint does not support it.

0 Kudos