This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
useraz
Explorer
‎2020-11-17 02:30 AM

Checkpoint FW and BGP

Hi all,

We currently have two FWs in cluster at two locations in active/backup mode.
FWs servers as a gateway with floating vIP LANs, without BGP.

We would like to add another LAN interface with BGP. We want to have two BGP sessions, one at each location.
At least active FW would advertise default route to leaf/spine switches. When FW switch from backup to active
it should start to advertise better default route.

Is it possible to have such a configuration or we have to move to active/active topology?

 

Best regards, Ales

0 Kudos
2 Replies
John_Fleming
Advisor
‎2020-11-17 10:07 AM

I think it will work. Only the active member talks BGP and I'm not aware of any requirement for the BGP configure to be %100 the same on both members. There could be some items that need to be the same such as local AS.

Better safe then sorry with that being said. Test it out.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-11-19 05:00 AM
In response to John_Fleming

Router-ID should be the VIP, also recommend using Graceful restart...

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top