This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marko_Keca
Contributor
‎2023-09-28 03:59 AM

VRRP between VSs on different VSX clusters

Hello all,

Is it possible to use VRRP on Check Point between VSs on different VSX clusters?

Reason:

We have 2 datacenters. Each has its own VSX cluster, managed from different CMA. Behind Check Point is NSX stretched deployment, and NSX management VLAN is L3 terminated on one of VSs. We would like to use VRRP address for default gateway in NSX management, so if one cluster/DC fails, we will not lose management connectivity to other site, and other site will be able to communicate with witness server (on separate location).

So basically we don't want to use it as clustering method. We want only benefit of sharing Virtual IP between two separate VSs for default gateway.

 

Thanks in advance!

Regards
--
Marko

 

0 Kudos
5 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-09-28 07:58 AM

This is not possible.

Separately, spanning a layer 2 domain between datacenters is a really bad idea from an availability design perspective. Complicated low levels lead to problems which are extremely hard to debug at higher levels.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-28 12:16 PM

VRRP is not supported on VSX.

0 Kudos
Marko_Keca
Contributor
‎2023-09-28 04:44 PM
In response to PhoneBoy

Thank you all for the answers!

Would it be possible if we have two non-VSX clusters?

Regards,
--
Marko

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-28 07:16 PM
In response to Marko_Keca

Gaia supports VRRP for non-VSX, but it's primarily tied to ClusterXL.
Not sure this will work the way you expect.
It's definitely not a good design, as @Bob_Zimmerman pointed out.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-09-28 04:31 PM

For a list of supported features on VSX please refer sk79700

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events