Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wilson_Wiley
Participant
Jump to solution

ClusterXL Bridge Mode Setup Instructions

Hi All,

I wanted to see if anyone has any guidance on configuring a ClusterXL gateway active/standby cluster for bridge mode. We've used bridge interfaces on standalone gateways for a while, but not on any ClusterXL clusters. The admin guide documentation for Bridge mode details how to enable ClusterXL bridge mode for active/standby by enabling it in cpconfig, but NOTHING beyond that, such as configuring the bridge interface on both cluster members, or defining the gateway topology of the bridge interfaces.

It's relatively easy to create bridges on standalone gateways, you create the bridge interface in Gaia, give it an IP address and define the sub-interfaces, and then on the SmartConsole gateway topology define two interfaces and give both the same IP information.

From what I've read on ClusterXL bridge mode, you can't give it an IP address (but the documentation doesn't specify whether that's a ClusterXL VIP, or individual members can't have an IP on the bridge interface). And then I don't know how to define the bridge topology of the cluster in SmartConsole, do you create two cluster or private networks, either way you have to enter IP addresses of the interfaces. Or for ClusterXL bridges do you not create any interfaces in the topology, just create ACL rules?

If somebody can help explain the setup of how to do bridging on ClusterXL active/standby clusters beyond what the admin guides say I would really appreciate the help.

Thanks!

Wilson

0 Kudos
1 Solution

Accepted Solutions
Wilson_Wiley
Participant

Thanks for the reply. From what I read with bridge mode and ClusterXL, I knew that you weren't supposed to use an IP address on the bridge interface with clusters (but you can with standalone gateways), but I wasn't sure how you were supposed to represent that in the topology of the cluster object in SmartConsole. Turns out the answer to that was in a note under the "Configure the ClusterXL object in High Availability Mode in SmartConsole" > Wizard/Classic Mode sections.

topology.jpg

 

 

So the answer is that for bridges you don't put in any networks into the topology of the cluster object. I know bridged networks on clusters are probably pretty rare, but I wanted to make sure to put this information back in here for others that may need to use bridged interfaces with clusters and are as confused as I was.

Configuring ClusterXL in Bridge Mode - Active / Standby with Two Switches (checkpoint.com)

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

You don’t configure an IP on the bridge (either on the member or for the cluster IP).
The bridge should appear as a single interface (not two) and I believe it’s marked external. 
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Wilson_Wiley
Participant

Thanks for the reply. From what I read with bridge mode and ClusterXL, I knew that you weren't supposed to use an IP address on the bridge interface with clusters (but you can with standalone gateways), but I wasn't sure how you were supposed to represent that in the topology of the cluster object in SmartConsole. Turns out the answer to that was in a note under the "Configure the ClusterXL object in High Availability Mode in SmartConsole" > Wizard/Classic Mode sections.

topology.jpg

 

 

So the answer is that for bridges you don't put in any networks into the topology of the cluster object. I know bridged networks on clusters are probably pretty rare, but I wanted to make sure to put this information back in here for others that may need to use bridged interfaces with clusters and are as confused as I was.

Configuring ClusterXL in Bridge Mode - Active / Standby with Two Switches (checkpoint.com)

0 Kudos
Amitgaur199727
Explorer

Can some share me the network topology of the cluster in bridge mode with active/Standby modes. As i am not getting how we can configure clusters if we want to only provide Ipv4 addresses to MGMT port and sync interfaces only. 

0 Kudos
Amitgaur199727
Explorer

Hey just want to gather some information as i am new to bridge mode deployment. 

As in my case we are having only Ipv4 address only on MGMT port and sync interface. 
Rather than this, only one bridge group configured. So while configuring the cluster we will not have any ip on the ports rather than MGMT and sync interfaces so how can we configure cluster in this scenario. Can you please share an image  network topology of the cluster in this scenario so that it can help me to reach my goal.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 08:00 AM (CDT)

    South US: HTTPS Inspection Best Practices

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Tue 23 Apr 2024 @ 08:00 AM (CDT)

    South US: HTTPS Inspection Best Practices

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events