Anthony_Kahwati
Collaborator

VSX: Mixed Routed and Bridged Mode

Hi CheckMates

I currently have a VSX deployment on R80.20 that is running a number of routed VSs that have access to a common V-Switch for access to our ISP VLAN. We are also running VSLS.

A requirement has recently come up for us to put in place a VPN head end that must not have its public interface NAT'd. Enter the bridged firewall.

When I try to do a mock configuration of this, I get an error immediately at the first step that shows me the below:

 

[Screenshot: Capture.PNG]

I've been told by our support partner that the resolution for this is to change the VSX Bridge configuration setting "Bridge Active / Standby State Determined by:" from "Standard Layer 2 Loop Detection" to "Check Point ClusterXL". They also suggest that I should not move to the CXL mode without a lot of thought and planning around the spanning tree protocol on the surrounding devices. For information, there are Cisco Nexus 7 or 9Ks north and south, running vPC to the Check Point's bonded interfaces.

I'm going to catch up further with them to hopefully get an understanding of this, as it's something a bit outside my Check Point experience, but I was also hoping that someone else has some insight into how I can achieve what I want to, and what the implications of moving from Standard L2 to CP CXL are?

Many thanks
