Hi CheckMates
I currently have a VSX deployment on R80.20 that is running a number of routed VSs that have access to a common V-Switch for access to our ISP VLAN. We are also running VSLS.
A requirement has recently come up for us to put in place a VPN head end that must not have its public interface NAT'd. Enter the bridged firewall.
When I try to do a mock configuration of this, I get an error immediately at the first step that shows me the below:
I've been told by our support partner that the resolution for this is to change the VSX Bridge configuration Bridge Active / Standby State Determined by: from Standard Layer 2 Loop Detection to Checkpoint Cluster XL. They also suggest that I should not move to the CXL mode without a lot of thought and planning into the spanning tree protocol on the surrounding devices. For information, there are Cisco Nexus 7 or 9K's north and south and running VPC to the Checkpoint's bonded interfaces.
I'm going to catch up further with them to hopefully get an understanding of this, as it's something a bit out of my Checkpoint experience, but I was also hoping that someone else has some insight into how I can achieve what I want to, and what the implications of moving from Standard L2 to CP CXL are.
Many thanks