Employee

VSX Bridge Mode VS

Hi,

Trying to create a Bridge Mode VS in a VSX HA Cluster. This Cluster contains other Layer 3 VS's. I have read the User Manual and am a bit confused about what options I need to choose. I assume the following are correct.

VSX is running on R80.10 Take 203 Active/Standby

1. Go to each Cluster member, cpconfig and Enable ClusterXL for Bridge Active/Standby, Reboot.

2. Go to Smart Console, Cluster Object Properties, Other, VSX Bridge Configuration, Select "Check Point ClusterXL", install the VSX Policy

3. Create a VS with Bridge Mode selected and configure 2 interfaces.

Could you confirm the above steps are correct?

Also, which file contains the VSX Cluster specific configuration (I mean the file name in the VSX Member)?

Thanks for your help

@PhoneBoy 

Accepted Solutions
Admin
Those steps look correct to me.

As for the "VSX Cluster Specific Configuration" there isn't one specific file.
All the necessary details are pushed from the management.
As long as that is appropriately backed up, you should be able to recover in case the gateway fails.

Employee++

Suggest also reviewing sk121451 and the fwkern.conf parameters.

Admin

Answering the last question in the post:

There are several special provisioning files on each of the VSX cluster members, called local.vs, local.vsall, local.vskeep.

However, they are used and updated only in conjunction with management server operations. In a nutshell, if SIC is up and MDS/SMS is available, VSX cluster members always contact the management domain first to get the most up-to-date provisioning info.

For the implementation part, I strongly suggest following the admin manual for your VSX version.

Contributor

Hi @_Val_, I have a similar setup but I just wanted to know if my interface configuration is correct. My intention is to allow all VLANs to pass through the firewall; now my interface config is non-trunk physical port (the trunk is not checked) for both of the physical interfaces participating in the bridge link. So far, it passes it all and all is well, but I am just wondering if this is correct or do I need to tag the VLANs? However, if I tag each VLAN, VSX will not accept it because I am currently in Active/Standby mode. Is this how CP behaves in VSX bridge mode? Thanks a lot.

Admin

If you are talking about bridge mode, you need to create all interfaces with VLANs. There is no trunk mode there.
