This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Antonio_Martins
Contributor
‎2019-02-27 11:25 AM
Jump to solution

Bridge & routing in the same gateway

Hi mates,

I need your clarification for the following scenario:

Some time ago, we had to configure two interfaces in bridge mode in ClusterXL running in HA mode so we could filter traffic between servers in different buildings (Main and DR) that communicate through a layer 2 circuit.

Now we want to use the same gateway to route traffic from the DR building using the same gateway but it doesn't work.

I've made this drawing to better explain what is happening:

In the main site, the Blue Servers can communicate with the Red Servers.

The Blue Servers in DR site can communicate with the Blue Servers in the main site.

The Blue Servers in DR site can't communicate with the Red Servers in the main site.

In the admin guide I've found the sentence 'The Security Gateway cannot filter or transmit packets on a bridge interface that is inspected before (double-inspection)'.

Does this mean that it's not possible to achieve what we want?

0 Kudos
2 Solutions

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2019-02-28 01:57 AM
Jump to solution

This could very well be the limitation. There is one way to resolve that issue and that would be by turning on VSX and setup the cluster as a VSX cluster. In VS0 you would handle the Bridge interfaces and then you create a VS1 to control the traffic to the Red zone. Second advantage for this method would be that you can run VS0 active on unit 1 and run VS1 on unit 2.

Regards, Maarten

View solution in original post

PhoneBoy
Admin
Admin
‎2019-02-28 12:55 PM
Jump to solution

That is exactly the limitation.

VSX, as Maarten says, is the way to achieve this.

View solution in original post

2 Replies
Maarten_Sjouw
Champion
Champion
‎2019-02-28 01:57 AM
Jump to solution

This could very well be the limitation. There is one way to resolve that issue and that would be by turning on VSX and setup the cluster as a VSX cluster. In VS0 you would handle the Bridge interfaces and then you create a VS1 to control the traffic to the Red zone. Second advantage for this method would be that you can run VS0 active on unit 1 and run VS1 on unit 2.

Regards, Maarten
PhoneBoy
Admin
Admin
‎2019-02-28 12:55 PM
Jump to solution

That is exactly the limitation.

VSX, as Maarten says, is the way to achieve this.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events