This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Harmesh_Yadav
Collaborator
‎2020-12-21 12:12 AM

Checkpoint Firewall 5K Series with Cisco Core switch With HSRP

Dear Team ,

 

we have requirement like below please confirm and let us know if any limitation with this .

 

We have Two Chcekpoint Devices  which is 5100 Series device  and Cisco L2 switch for WAN and Cisco 9500 for Core Switch

Presently Both Checkpoint In One location - in proposed solution each checkpoint we be at each building .

 

2 Dedicated switch for ISP Connectivity at each Building

Go through Diagram it wil give your better visibility (yellow wil be fiber)

 

Both Location connectivity we will do over Fiber cable

 

Find attached Diagram Which we have created .

 

I have doubt about compatibility with Checkpoint and Cisco -- HSRP --- is it possible in this scenario or we should run VRRP - and what changes required and what precautions we need to take .

 

Your suggestion will be very important for me to run this environment with smooth way 

 

Thanks in advance

 

 

Harmesh Yadav
Preview file
64 KB
0 Kudos
4 Replies
_Val_
Admin
Admin
‎2020-12-21 12:59 AM

Should not be an issue.

Harmesh_Yadav
Collaborator
‎2020-12-21 03:43 AM
In response to _Val_

is there any limitation in this scenario?

Harmesh Yadav
0 Kudos
Magnus-Holmberg
MVP Silver
MVP Silver
‎2020-12-21 04:18 AM

If you want to run 2 ISP and as am guessing its the ISP CPE and not your own boxes.

Then you would need to run linknetworks with BGP between your check point boxes and the ISP CPE.
You would also need your own AS number and PI addresses.


I would recommend to use one /29 linknetwork for each provider so you can add both your check point boxes and use cluster xl.
Then you would route your PI addresses instead so you dont need to mess with local.arp and such things.

The inside with HSRP/VRRP dosn´t matter both will work.
With Cisco 9500 most ppl i guess would run stackwise virtual, issue with that is that is that you requires alot of fiber between your buildings.
Same as your suggested design alot of fibers are needed,

Personally i would build it like this, more or less to save fiber between the buildings if you need to add more unitis suchs as WLC, ISE servers etc.
This way you also dont need to have STP within the network. 
core.JPG
Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
Harmesh_Yadav
Collaborator
‎2020-12-21 05:20 AM
In response to Magnus-Holmberg

Thank you for your reply -- really appreciate your help

Harmesh Yadav
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events