This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ChoiYunSoo
Contributor
‎2023-05-18 01:54 AM
Jump to solution

Have you ever used more than 3 ports on a QLS250 machine?

Hi

 

I've been having trouble lately

Looks like the 40Gbps card has been discontinued in recent checkpoints

However, I ran into a situation where I needed to use more than 3 ports at 40Gbps.

So I am temporarily trying to import two 40Gbps cards from the QLS250 device and use them.

 

However, looking at the checkpoint guide document, there seems to be no deployment that imports and uses two or more 40 Gbps.

I will attach a picture below.

Please let us know if you have a case or guide document using 3 ports like the picture below.

 

 

1.png3.png

 

 

2.png4.png

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-05-18 10:26 AM
Jump to solution

Unfortunately, we had to discontinue CPAC-2-40F-C & CPAC-2-100/25F due to an unforeseen issue with one of our NIC suppliers.
The replacement for this will actually be the Dual-width SmartNIC card offered on the LightSpeed appliances today in standard NIC mode operation (i.e. non-accelerated mode).

The two port limitation for QLS NICs is specific to accelerated mode (meaning all accelerated traffic must be in/out the same NIC).
Since these NICs will not be used in accelerated mode, this limitation should not apply.
However, as noted by @Chris_Atkinson you should confirm with your local Check Point SE. 

View solution in original post

9 Replies
G_W_Albrecht
Legend
Legend
‎2023-05-18 02:21 AM
Jump to solution

No - you will need a QLS450 with 2 ConnectX cards ! The QLS650 has 3 and the QLS850 4 ConnectX cards. The term: Alternative supported installation does not really sound like you could have 4 x 100/40 cards. In attached datasheet you can read:

The 4 single-width slots in the QLS250 supports one NVIDIA ConnectX dual-width network card, with 2x 100G QSFP28 ports, supporting an aggregate throughput of 200G of firewall throughput through the ConnectX.

CCSE CCTE CCSM SMB Specialist
Preview file
1440 KB
0 Kudos
ChoiYunSoo
Contributor
‎2023-05-21 06:24 PM
In response to G_W_Albrecht
Jump to solution

thank you for the help it helped a lot

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-05-18 04:55 AM
Jump to solution

Recommend taking the discussion with your local CP SE who can advise on a solution / engage the relevant areas where required to determine the same.

CCSM R77/R80/ELITE
0 Kudos
ChoiYunSoo
Contributor
‎2023-05-21 06:24 PM
In response to Chris_Atkinson
Jump to solution

Thanks, I'll discuss with the local SE

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-18 10:26 AM
Jump to solution

Unfortunately, we had to discontinue CPAC-2-40F-C & CPAC-2-100/25F due to an unforeseen issue with one of our NIC suppliers.
The replacement for this will actually be the Dual-width SmartNIC card offered on the LightSpeed appliances today in standard NIC mode operation (i.e. non-accelerated mode).

The two port limitation for QLS NICs is specific to accelerated mode (meaning all accelerated traffic must be in/out the same NIC).
Since these NICs will not be used in accelerated mode, this limitation should not apply.
However, as noted by @Chris_Atkinson you should confirm with your local Check Point SE. 

ChoiYunSoo
Contributor
‎2023-05-21 06:26 PM
In response to PhoneBoy
Jump to solution

Even if there is no acceleration problem through the test, it will be difficult to use it in the customer network if there is no manufacturer confirmation.

I'll discuss it with the local SE

thanks for the help

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-22 02:51 PM
In response to ChoiYunSoo
Jump to solution

We will have these NICs on the official pricelist in the next few weeks, so this should be a supported configuration.
Best to reach out to your Check Point SE. 

0 Kudos
ChoiYunSoo
Contributor
‎2023-05-23 12:55 AM
In response to PhoneBoy
Jump to solution

Is it okay if I ask one more question?

Looking at the answers above or other documentation, it seems that QLS only accelerates the In/Out ports of the same card.

Does the acceleration referred to here refer to the QLS' light speed acceleration? Do you mean acceleration in normal kernel mode?

 

As I posted above, it is not necessary to use Light Speed ​​acceleration to use the three ports of 'External, Internal, and DMZ'. Acceleration of the existing SecureXL kernel mode is sufficient.

Can I use two 40Gbps cards under these conditions?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-23 11:28 AM
In response to ChoiYunSoo
Jump to solution

Correct, the Quantum Lightspeed specific acceleration only occurs when the traffic goes in and out the same interface.
Otherwise, the interface cards will act like any other interface with respect to SecureXL.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events