This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Neville_Kuo
Advisor
‎2018-05-25 09:23 AM

OSPF neighbor count

Dear all:

Is there anyone who ever managed over 200 OSPF neighbors and 6 ares before? It's not difficult with Juniper/Cisco or other vendors but what about Check Point?

The customer is using Juniper SSG5200(HA) and doing OSPF over ipsec(Route based VPN) with 200 Juniper SSG350M(2 wan links) for 10 years(Built by me.), if I want to replace with Check Point, can central vpn termination point can handle so many vpn tunnels and OSPF neighbors? I'm afraid of routeD crashes sometimes, that's a nightmare for this kind of network scope.

I know customer can have better choice but I'm wondering can I do the same thing with CP5600(HA) and SMB models like CP1490(For branches)?

4 Replies
XBensemhoun
Advisor
‎2018-05-26 06:57 AM

I assume your question could be divided on two points:

 - OSPF ability; I assume yes; you can check on sk95968‌ OSPF on Gaia general document and on its related documentations and solutions

- VPN in large environment: will you try Multiple Entry Point (MEP)? If so, look at the dedicated section of the VPN admin guide of your version.

0 Kudos
Neville_Kuo
Advisor
‎2018-05-27 06:55 PM
In response to XBensemhoun

Hi:

Actually I'ved tried large number of ospf neighbors and neighbors status start random dropping after over 60 neighbor counts(About 2 years ago with R77.30), that's why I doubt Check Point's routeD stability, and MEP is not what customer need since customer's dual wan should be Active/Active mode.

But still thanks for your replay, hope R80.10 or later version can be better.

XBensemhoun
Advisor
‎2018-05-28 07:00 AM
In response to Neville_Kuo

So we need to wait concrete feebadck from Check Point: Dameon Welch Abernathy‌ could you help us on this?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-28 04:06 PM
In response to XBensemhoun

We've made a number of stability improvements in routed over the last two years, including situations where there are a large number of OSPF neighbors.

I believe most of these fixes were rolled into R80.10 as some of these fixes were available in R77.30 as well.