Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Harmesh_Yadav
Collaborator

Checkpoint Firewall 5K Series with Cisco Core switch With HSRP

Dear Team ,

 

we have requirement like below please confirm and let us know if any limitation with this .

 

We have Two Chcekpoint Devices  which is 5100 Series device  and Cisco L2 switch for WAN and Cisco 9500 for Core Switch

Presently Both Checkpoint In One location - in proposed solution each checkpoint we be at each building .

 

2 Dedicated switch for ISP Connectivity at each Building

Go through Diagram it wil give your better visibility (yellow wil be fiber)

 

Both Location connectivity we will do over Fiber cable

 

Find attached Diagram Which we have created .

 

I have doubt about compatibility with Checkpoint and Cisco -- HSRP --- is it possible in this scenario or we should run VRRP - and what changes required and what precautions we need to take .

 

Your suggestion will be very important for me to run this environment with smooth way 

 

Thanks in advance

 

 

Harmesh Yadav
0 Kudos
Reply
4 Replies
_Val_
Admin
Admin

Should not be an issue.

Harmesh_Yadav
Collaborator

is there any limitation in this scenario?

Harmesh Yadav
0 Kudos
Reply
Magnus-Holmberg
Advisor

If you want to run 2 ISP and as am guessing its the ISP CPE and not your own boxes.

Then you would need to run linknetworks with BGP between your check point boxes and the ISP CPE.
You would also need your own AS number and PI addresses.


I would recommend to use one /29 linknetwork for each provider so you can add both your check point boxes and use cluster xl.
Then you would route your PI addresses instead so you dont need to mess with local.arp and such things.

The inside with HSRP/VRRP dosn´t matter both will work.
With Cisco 9500 most ppl i guess would run stackwise virtual, issue with that is that is that you requires alot of fiber between your buildings.
Same as your suggested design alot of fibers are needed,

Personally i would build it like this, more or less to save fiber between the buildings if you need to add more unitis suchs as WLC, ISE servers etc.
This way you also dont need to have STP within the network. 
core.JPG
Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
Harmesh_Yadav
Collaborator

Thank you for your reply -- really appreciate your help

Harmesh Yadav
0 Kudos
Reply