This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LOcfemia
Participant
‎2019-07-09 11:28 AM

VSX Shared Vlan Interfaces and ARP Issue

We are deploying VSX and getting some difficulties implementing it to customer's environment whether we use vSwitch or vRouter.

Both VSes need to have an access to shared vlan interfaces (internal & DMZ). eth5 (internal) has 4 vlans and eth6 (DMZ) has 1 vlan only. I believe vSwitch can have only 1 vlan tag, it seems we don't have other options but to use vRouter or create multiple vSwitch for each vlan.

The second problem is after creating vSwitch and connecting to VS0  (warp link) with the ip address of 10.10.1.254, the gateway or VS0 is not responding to arp request.
"arp who-has 10.10.1.254 tell 10.10.1.210" Clearly, that IP belongs to virtual device.

Did I miss anything? Any suggestion are welcome and appreciated. 

I have attached the topology for reference. Thank you.

 

VSX Diagram.png

0 Kudos
2 Replies
Maarten_Sjouw
Champion
Champion
‎2019-07-09 01:25 PM

For each VLAN you need to connect to more than 1 VS you create a virtual switch, this Virtual switch can also be connected to a VLAN in a trunk port. This is not limited to a physical interface.
Regards, Maarten
Kaspars_Zibarts
Employee Employee
Employee
‎2019-07-10 12:54 AM

As said earlier vSwitch can only handle one VLAN. So technically you could spin up 5 vSwitches one for each VLAN. But I struggle to understand the purpose of two firewalls connecting to the same interfaces (all) I understand if they shared one or two, but not all. Seems a bit strange.

ARP issue is probably related to VLAN tagging not set correctly or check your trunk between VSX and next hop

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events