This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
CheckMate
Explorer
‎2019-10-29 08:17 PM

Cluster to cisco L3 port

Hello All,

 

I am trying to setup and L3 port on a cisco switch to connect to a checkpoint Cluster-XL, i cannot figure out how to configure the interfaces on the checkpoint members to manage the traffic coming from the switch.

I have tried adding two switch ports into a port-channel with one of each ports going to the cluster members, however this does not seem to work.  

Can someone please advise on the correct way to do this?

Preview file
29 KB
0 Kudos
5 Replies
HeikoAnkenbrand
Champion
Champion
‎2019-10-30 02:12 AM

- Use two layer 2 ports in the same vlan on the switch.

- Now connect the CP gateways to this ports

- If you use CCP multicast -> do not configure multicast port security on the switch ports

More read here:
R80.x - cheat sheet - ClusterXL

ClusterXL R80.30 Administration Guide 

 

 

0 Kudos
CheckMate
Explorer
‎2019-10-30 04:32 PM
In response to HeikoAnkenbrand

Thanks for your reply,

If use layer 2 i will not be able to add and IP to the cisco switch for the gateway of the LAN

0 Kudos
mdjmcnally
Advisor
‎2019-10-30 04:51 AM

You either use

1.) Single Port on Cisco to Single Port on Check Point, so 1 cable per member NO Port Channel,2 Cables overall

2.) Port Channel on Cisco to Bond Interface on Check Point.   ie 2 cables from Cisco to 2 interfaces on the same Check Point that are bonded together, so 4 Cables/Ports used on the Cisco and 2 each on each Check Point Member

You cannot bond interfaces or split a bond on the Cisco across 2 Cluster Members.

You can if your switches can handle it split a Port Channel across 2 Switches and then use a Bond on the Check Point so basically the opposite way to what you trying to do currently.  Again would be 4 Cables/Ports in the Cisco and 2 ports on each Check Point.

 

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-30 05:40 AM

To get your Layer-3 interface going, you need to define a VLAN with the IP that you want on that connection to the Check Point cluster, you add 2 access ports to this VLAN and you connect the 2 Check Point gateways to these 2 ports.
Regards, Maarten
0 Kudos
CheckMate
Explorer
‎2019-10-30 04:51 PM
In response to Maarten_Sjouw

Thanks for the reply, 

So the cisco switch does not need to be a "no switchport" in order to route the traffic?  I can apply the IP to the vlan and do an ip route 0.0.0.0 0.0.0.0 "VLAN IP". is this correct ?

0 Kudos