
VSXs maximum subinterfaces? Check Point Suggestions requested

Some of our DMZ switches have been depreciated, and we are planning on moving the hosts from these switches to a layer two DMZ switch and having the routed interface of each of the VLANs that support all our hosts in the DMZs be routed by the FW. In other words, the FW would have a bond to the new switch and have sub interfaces down the trunk, where the routed interface for the DMZ networks would be the FW's; static routing. Management has asked to get a sign-off from Check Point on the maximum number of routed interfaces the FWs could handle, and whether there would be any impact moving the routed interface to the FWs instead of leaving the routing at the switches. I know that sub interfaces are directly dependent on the number of VLANs supported on an interface, which is 4096. Is this the same for your FWs, and would there be a performance degradation moving to this design? The FWs Backchannel FWs will be trunked down to the layer two DMZ switch down 10G links. Will moving to static routing off of FW sub interfaces representing the DMZ VLANs degrade or have a performance hit on our Perimeter Gateways?

