This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CyberBreaker
Contributor
‎2020-07-17 05:42 AM

VSX Bridge Mode in STP

Hi Guys, I would like to check with you if the CP in VSX bridge mode is also participating in STP negotiations when connected to switches? Thank you.

0 Kudos
1 Reply
Timothy_Hall
Legend Legend
Legend
‎2020-07-17 06:56 AM

Not directly, all BPDUs received on a bridged interface are automatically forwarded as-is to all other interfaces of the same bridge group.  This process is controlled by the Gaia OS via sysctl variable net.bridge.bpdu_forwarding which is set to 1 by default and should generally be left that way.  So the firewall's bridge mode interfaces are essentially transparent to the adjacent switches performing STP with each other, and no special policy rule is required.

However in a VSX cluster, when a failover occurs a flood of special packets is generated on the newly-active member to ensure the switch's forwarding table is updated properly.  For more info on this special flooding behavior see sk71520: Failover in a bridge-mode VS in ClusterXL Active/Standby bridge state setup causes outage i....

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events