Herman_Vermeule
Explorer

Bridge Mode implementation on R80.10 Physical Gateway

On R80.10, can I create two Bridge Interfaces (for example, Eth1-01 and Eth1-02 as one Bridge, Eth3-01 and Eth3-02 as a second Bridge) on a Physical Gateway? The Gateway is installed with 10Gb Bypass (Fail-Open) Cards, but the Fail-Open cards are not supported with Bond Interfaces (according to SK85560). The client has a requirement for an "inline" Bridge Mode IPS (no Firewall functionality, IPS only) inline in two 10Gb fibers which are port-channeled together.

Without the Bypass cards I would have bonded the interfaces and then created a Bridge with the Bond Interfaces. However, due to the limitation if the Bypass cards are used, I'm wondering if I can create two Bridge Interfaces and then just place the device inline in the Port Channel between the two Cisco devices.

0 Kudos
4 Replies
_Val_
Admin

If you want to use EtherChannel for redundancy, you have to configure bonded interfaces on Check Point before assigning them to the bridge. Creating two bridges and putting them onto EtherChannel on Cisco will not work.

0 Kudos
Herman_Vermeule
Explorer

Unfortunately the client requested Bypass Cards to be used. One of the limitations of Bypass cards is that Bonded Interfaces are NOT supported (according to SK85560).

I also logged a TAC case and the answer was the same: you cannot use Bypass Cards and Bonded Interfaces together. Apparently when the cards go into BYPASS it will/could cause an ACK STORM. Therefore Check Point does not support it.

0 Kudos
Maarten_Sjouw
Champion

In bridge mode the 2 interfaces would become just that, a layer 2 bridge. You could try to use eth1-01 and eth3-01 in one bridge and the other two in the other bridge and bond the eth1-01 and eth3-01 together?

Regards, Maarten
0 Kudos
Herman_Vermeule
Explorer

Unfortunately the client requested Bypass Cards to be used. One of the limitations of Bypass cards is that Bonded Interfaces are NOT supported (according to SK85560).

I also logged a TAC case and the answer was the same: you cannot use Bypass Cards and Bonded Interfaces together. Apparently when the cards go into BYPASS it will/could cause an ACK STORM. Therefore Check Point does not support it.

0 Kudos
