Timothy_Hall
Champion

BGP on Maestro - Tips?

I've set up BGP many times on standard Check Point gateways including clustered ones, but have a client that will be looking to configure it in a Maestro R81.10 environment that is single site with dual orchestrators and non-chassis gateways.  Any special tips/limitations to watch out for?  So far I have:

  • BGP confederations are not supported
  • BGP can't be used with VxLAN interfaces or GRE interfaces
  • BGP Graceful Restart will need to be enabled (and timers match with the BGP peer) to avoid a flap during a Maestro failover 

Any other Maestro-specific tips for BGP? Paging @Kim_Moberg who has posted earlier about using BGP on Maestro.

Has anyone had to manually affine a dedicated core for routed due to it not getting enough CPU slices and causing a flap during security policy installation to the Security Group or other kinds of high CPU load events?  Alas MDPS is not supported on Maestro...yet.

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
2 Replies
the_rock
Champion

I think @Lari_Luoma can help with it, he is a Maestro guru.

0 Kudos
Lari_Luoma
Employee

BGP configuration in Maestro does not really differ from a regular gateway (except for the limitations you already found).
In Maestro one SGM is a dedicated DR manager. In the current software versions it's always the SMO. It takes care of peering and adjacencies. When you run "show bgp peers" for example, you should do it on the DR manager. Also routing logs are stored on that blade. Routes are naturally synchronized to all members.

MDPS will be supported in R81.20.

0 Kudos