Vladimir
Champion

Best topology for Check Point in HPE (ProCurve) based core network. Comments and opinions please.

Not strictly a Check Point only question, but since it is a part of the infrastructure, I'd like to hear your thoughts on possible issues and gotchas I may run into if implementing this:

[Figure: HPE/Aruba/Check Point Core Network]

 

The devices in the center are Aruba 5412R zl2 in Virtual Switch Framework configuration.

On the right are the two switches running the same OS in Distributed Trunking mode.

On the left is the pair of independent switches.

0 Kudos
2 Replies
Chris_Atkinson
Employee

Guess it depends a lot on your scope and design objectives.

Some may prefer not to have the shared L2 domain for the internal & external zones of the firewall. If the central switches are also terminating L3, do they support VRFs?

0 Kudos
Vladimir
Champion

The HPE ArubaOS-Switch series (formerly known as ProCurve) does not support VRF.

The A-series of HPE-Aruba running ArubaOS/ArubaOS (MAS) support VRF, but are not part of this design (client's requirements).

So in the case of this design, all routing is done by firewalls, but you do have the ability to have a single routing domain on VSF, if you need to bypass Check Point for some traffic.

0 Kudos