This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Alex-
Advisor
Advisor
Friday

Maestro and Shared Uplinks

I was ready about Shared Uplinks on Maestro R81.20 and I would like to check if my understanding is correct.

 

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Maestro_AdminGuide/Content/T...

 

Let's say we have 2 MHO and 2 Security Groups.

We could connect 1 40G uplink on each MHO and bond them in each SG, let's say bond1.

SG 1 could then configure bond1.<first vlan range> and SG2 could have bond1.<second vlan range>.

In effect, we share the physical capacity between Security Groups.

Now what we wonder:

- Any issues doing with SG1 being cluster and SG2 being VSX?

The Security Group with the lowest ID, which has been assigned the shared subordinate interfaces, is responsible for the LACP negotiation for these interfaces. Does this mean that one SG is responsible for the correct function of all LACP bonds?

- Any production tips & tricks which go beyond the user manual?

- Is the MHO deployment relevant to this feature, like single-room, dual-room, multisite?

We're still pondering the use of shared uplinks or dedicated interfaces in a broader cost vs functionality context.

0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events