This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend
‎2022-08-08 08:49 AM

BGP on Maestro - Tips?

I've set up BGP many times on standard Check Point gateways including clustered ones, but have a client that will be looking to configure it in a Maestro R81.10 environment that is single site with dual orchestrators and non-chassis gateways.  Any special tips/limitations to watch out for?  So far I have:

  • BGP confederations are not supported
  • BGP can't be used with VxLAN interfaces or GRE interfaces
  • BGP Graceful Restart will need to be enabled (and timers match with the BGP peer) to avoid a flap during a Maestro failover 

Any other Maestro-specific tips for BGP? Paging @Kim_Moberg who has posted earlier about using BGP on Maestro.

Has anyone had to manually affine a dedicated core for routed due to it not getting enough CPU slices and causing a flap during security policy installation to the Security Group or other kinds of high CPU load events?  Alas MDPS is not supported on Maestro...yet.

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
2 Replies
the_rock
Legend
Legend
‎2022-08-08 12:42 PM

I think @Lari_Luoma can help with it, he is maestro guru.

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2022-08-08 01:54 PM

BGP configuration in Maestro does not really differ from a regular gateway (except for the limitations you already found).
In Maestro one SGM is a dedicated DR manager. In the current software versions it's always the SMO. It takes care of peering and adjacencies. When you run "show bgp peers" for example, you should do it on the DR manager. Also routing logs are stored on that blade. Routes are naturally synchronized to all members.

MDPS will be supported in R81.20.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events