CheckMates Toolbox Contest 2024
Submit a Tool for a Chance to WIN a $300 or $50 Gift Card!
May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
Harmony Endpoint:
Packing a Punch in 2024
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
The Difference Is In The Details
I think the original recommendation to set CCP to broadcast during a Zero Downtime upgrade procedure was to ensure proper handling of CCP traffic by the attached switches during the upgrade, as some switches would not always reliably forward multicast packets. If that happened during an upgrade it would cause the cluster members to repeatedly bounce from active/ready to down/active and back to active/ready again which would cause traffic handling issues.
However if upgrading into R80.40 or later from R77.30+, you should not be using the Zero Downtime upgrade method or messing around with the CCP transport mode even though doing so is still supported. Use Multi-Version Cluster instead which is the replacement for the old "Full Connectivity Upgrade" (FCU); in R80.40 the default mode for CCP is "Automatic" and will normally auto-select to the new CCP unicast mode which avoids all the multicast & broadcast issues/floods. Please see my post here: https://community.checkpoint.com/t5/Security-Gateways/Enable-MVC-During-Cluster-Upgrade/m-p/118524/h...
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
