Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ChoiYunSoo
Contributor
Jump to solution

Is there any case of configuring ClusterXL Active-Standby Bridge mode?

Hi

There is a firewall that the customer is using in Bridge mode.(R80.30)

I am upgrading the firewall to R81.10 in November and want to change the configuration to ClusterXL Active-Standby while maintaining Bridge mode.

 

Is there any case of using ClusterXL bridge mode as Active-Standby like me?

If configuration is possible, do Active and Standby devices perform session synchronization normally?

Are there any possible problems with the above configuration?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

It is documented in the ClusterXL admin guide, also there are some STP considerations. Please refer:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ClusterXL_AdminGuide/207617....

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
7 Replies
Chris_Atkinson
Employee Employee
Employee

It is documented in the ClusterXL admin guide, also there are some STP considerations. Please refer:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ClusterXL_AdminGuide/207617....

CCSM R77/R80/ELITE
0 Kudos
ChoiYunSoo
Contributor

thank you for the reply

If you see the checkpoint guide, it is recommended not to use STP on the upper and lower switches.

Can you tell me why??

0 Kudos
PhoneBoy
Admin
Admin

Because we're not truly a Layer 2 device and STP requires that.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
ChoiYunSoo
Contributor

Thanks for the sincere reply

I referenced the attached SK115963, but looking at the affected versions of that document, it's from r77.10 to r77.30.
Does this issue affect all versions of Checkpoint Equipment overall, except for the version shown? (Customers are planning to install new version R81.10)

 

0 Kudos
PhoneBoy
Admin
Admin

The recommendation not to use STP goes back to the earliest days of Check Point and hasn't changed.

0 Kudos
ChoiYunSoo
Contributor

It was very helpful thanks for the reply

0 Kudos
Ruan_Kotze
Advisor

Apologies for reviving an old thread, but I am currently designing a ClusterXL bridge mode deployment and want to explore the STP requirements a bit further.  I understand why Check Point requires STP to be disabled, but the linked SK is a bit ambiguous.  Is it just 802.1D that needs to be disabled (sk115963 seems to imply that newer versions are OK?).

Disregarding the SK and going by the Admin Guide it seems any form of STP is a no-no, how does the community go about  taking STP out of play?  On the Cisco side one can only disable STP globally or per-VLAN.  Assuming that won't fly, would configuring the switch ports as PortFast with BPDUfilter enabled suffice?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events