Timothy_Hall
Champion

BGP on Maestro - Tips?

I've set up BGP many times on standard Check Point gateways including clustered ones, but have a client that will be looking to configure it in a Maestro R81.10 environment that is single site with dual orchestrators and non-chassis gateways.  Any special tips/limitations to watch out for?  So far I have:

  • BGP confederations are not supported
  • BGP can't be used with VxLAN interfaces or GRE interfaces
  • BGP Graceful Restart will need to be enabled (and timers match with the BGP peer) to avoid a flap during a Maestro failover 

Any other Maestro-specific tips for BGP? Paging @Kim_Moberg who has posted earlier about using BGP on Maestro.

Has anyone had to manually affine a dedicated core for routed due to it not getting enough CPU slices and causing a flap during security policy installation to the Security Group or other kinds of high CPU load events?  Alas MDPS is not supported on Maestro...yet.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
2 Replies
the_rock
Legend

I think @Lari_Luoma can help with it; he is a Maestro guru.

0 Kudos
Lari_Luoma
Ambassador

BGP configuration in Maestro does not really differ from a regular gateway (except for the limitations you already found).
In Maestro one SGM is a dedicated DR manager. In the current software versions it's always the SMO. It takes care of peering and adjacencies. When you run "show bgp peers" for example, you should do it on the DR manager. Also routing logs are stored on that blade. Routes are naturally synchronized to all members.

MDPS will be supported in R81.20.

0 Kudos