This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AM_2019
Employee Employee
Employee
‎2020-03-17 03:46 PM
Jump to solution

VSX Bridge Mode VS

Hi ,

 

Trying to create a Bridge Mode VS in a VSX HA Cluster. This Cluster contains other Layer 3 VS's. I have read the User Manual and bit confused what options I need to choose . I assume following are correct.

 

VSX is running on R80.10 Take 203 Active/Standby

1. Go to each Cluster member, cpconfig and  Enable ClusterXL for Bridge Active/Standby, Reboot.

2.  Go to Smart Console, Cluster Object Properties, Other, VSX Bridge Configuration, Select "Check Point ClusterXL", install the VSX Policy

3. Create a VS with Bridge Mode selected and configure 2 interfaces.

Could you confirm above steps are correct ?

 

Also which file contains the VSX Cluster specific configuration ( I mean file name in the VSX Member) ? 

Thanks for your help

 

@PhoneBoy 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-03-17 04:36 PM
Jump to solution

Those steps look correct to me.

As for the "VSX Cluster Specific Configuration" there isn't one specific file.
All the necessarily details are pushed from the management.
As long as that is appropriately backed up, you should be able to recover in case the gateway fails.

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-03-17 04:36 PM
Jump to solution

Those steps look correct to me.

As for the "VSX Cluster Specific Configuration" there isn't one specific file.
All the necessarily details are pushed from the management.
As long as that is appropriately backed up, you should be able to recover in case the gateway fails.
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2020-03-17 07:16 PM
Jump to solution

Suggest also reviewing sk121451 and the fwkern.conf parameters.

CCSM R77/R80/ELITE
0 Kudos
_Val_
Admin
Admin
‎2020-03-18 04:29 AM
Jump to solution

Answering the last question in the post:

There are several special provisioning files on each of VSX cluster members, called local.vs, local.vsall, local.vskeep.

However, they are used and updated only in conjunction with management server operations. In a nutshell, if SIC is up and MDS/SMS available, VSX cluster members always contact management domain first to get most up to date provisioning info.

For implementation part, I strongly suggest you following the admin manual for your VSX version.

0 Kudos
CyberBreaker
Contributor
‎2020-07-17 11:03 AM
In response to _Val_
Jump to solution

Hi @_Val_ , I have similar setup but I just wanted to know if my interface configuration is correct. My intention is to allow all VLANs to pass through the firewall, now my interface config is non-trunk physical port (the trunk is not checked) for both of physical interface participating in the bridge link. So far, all it passes it all and well but I am just wondering if this is correct or do I need to tag the VLANs? However, if I tag each VLANs, VSX will not accept it because I am currently in Active/Standby mode. Is this how CP behaves in VSX bridge mode? Thanks a lot.

0 Kudos
_Val_
Admin
Admin
‎2020-07-17 01:31 PM
In response to CyberBreaker
Jump to solution

If you are talking about bridge mode, you need to create all interfaces with VLANs. there is not trunk mode there

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events