This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
maddah87
Contributor
Wednesday
Jump to solution

Dedicated Sync Interfaces as an internal or external interface

Hi,

Can one of the dedicated sync interfaces of 19100 or 19200 be used as an internal or external interface of a clustered environment.

early 2025 we had an issue of assigning one of the sync interfaces to an internal interface. we used different interfaces rather sticking in to that. Currently we try to match number of ports of one customer's req. If one of the sync can be used to internal or external interface we can refrain adding another line card.

0 Kudos
2 Solutions

Accepted Solutions
Martijn
Advisor
Advisor
Wednesday
Jump to solution

The name of the port is just a name and to my knowledge you can use this port for any other type of interface.
But don't become confused when you see the name Sync in Gaia and SmartConsole in the interface section.

In ElasticXL the Sync is used for building the ExlasticXL setup so do not use the Sync in such setups.

View solution in original post

the_rock
MVP Platinum
MVP Platinum
Thursday
Jump to solution

Technically yes, it can be used for that. Personally, I would not do it, but thats just me. Anyone I know and ever worked with related to CP firewalls, used Sync as dedicated sync interface.

 

Best,
Andy

View solution in original post

10 Replies
Martijn
Advisor
Advisor
Wednesday
Jump to solution

The name of the port is just a name and to my knowledge you can use this port for any other type of interface.
But don't become confused when you see the name Sync in Gaia and SmartConsole in the interface section.

In ElasticXL the Sync is used for building the ExlasticXL setup so do not use the Sync in such setups.

Bob_Zimmerman
MVP Gold
MVP Gold
Wednesday
In response to Martijn
Jump to solution

To help minimize potential confusion, you can build a bond and put the interface named Sync into the bond. That way, your topology says bond5.284 or whatever instead of Sync2.284. It keeps the interface name as an implementation detail, where it should be. Then if you want that interface to be 40g or 100g or whatever, you get a new card and change the physical interface which backs the bond.

Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Wednesday
Jump to solution

Also refer to sk92755 for supported SFPs for the Sync ports.

CCSM R77/R80/ELITE
the_rock
MVP Platinum
MVP Platinum
Thursday
Jump to solution

Technically yes, it can be used for that. Personally, I would not do it, but thats just me. Anyone I know and ever worked with related to CP firewalls, used Sync as dedicated sync interface.

 

Best,
Andy
Vincent_Bacher
Leader Leader
Leader
Friday
In response to the_rock
Jump to solution

Same here.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to Vincent_Bacher
Jump to solution

@Martijn made an  EXCELLENT point. Say you set it as external, but you cant actually change the name, it would ALWAYS show as SYNC...would be way too confusing.

Best,
Andy
0 Kudos
Vincent_Bacher
Leader Leader
Leader
Friday
In response to the_rock
Jump to solution

This is why I would never use it as data interface.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Platinum
MVP Platinum
Friday
In response to Vincent_Bacher
Jump to solution

💯

Best,
Andy
0 Kudos
Vincent_Bacher
Leader Leader
Leader
Friday
In response to the_rock
Jump to solution

Just as a heads-up: The competition from Sunnyvale, California actually lets you set an alias for an interface that fully replaces the original interface name. So unlike Check Point, you’ll actually see the alias name everywhere in the UI (and cli I think) instead of the default interface label.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Platinum
MVP Platinum
Friday
In response to Vincent_Bacher
Jump to solution

Yes sir, done that before lol

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events