Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jphwtx
Explorer

Maestro MHO-140s and SG6200s - 25/100Gbit uplinks & downlinks?

We have a couple of Maestro clusters anchored by MHO-140s. Each cluster has several security groups consisting of SG6200s. All uplinks & downlinks are 10Gbit.

It was not well documented, but we discovered that the SFP ports on the MHO-140s support SFP28 (25Gbit.) We would like to begin using these ports in that mode for internal downlinks (probably in bonds), and use 100Gbit ports for uplinks. Will the SG6200s work in this fashion? Essentially this would meant that each SG would have 2x100Gbit QSFP28 uplinks and 4-8 25Gbit SFP28 internal downlink distributed evenly across each of the two MHOs in that Maestro cluster. Will Gaia support this especially given that the uplinks would be considerably faster than the downlinks?

0 Kudos
5 Replies
Wolfgang
Authority
Authority

@jphwtx  with R81.20 the new 25G transceivers are supported. You can use them in a MHO-140 in the SFP+/SFP28 ports. But your 6200 appliances doesn‘t support these type of transceivers. This will be fine because 6200 appliances are not very powerful to support more then 10G. If you want to use more then two ports per 6200 downlinks you can use a quad port 10G linecard and attaches two 10g ports to every MHO-140.

transceiver compatibility can be seen here Compatibility of transceivers for Check Point appliances 

Chris_Atkinson
Employee Employee
Employee

@Wolfgang is correct regarding the 6200 for specifications please see:

6200-security-gateway-datasheet.pdf

Even connecting additional 10Gbps interface downlinks to them is likely unnecessary as a result.

sk158652: Configuration of Downlinks for Maestro Appliances 

 

CCSM R77/R80/ELITE
0 Kudos
jphwtx
Explorer

Let me ask you this: With two 100Gig QSFP28 transceivers in the MHO140, a 6200 allows me to configure those ports as interfaces. Are you saying this configuration is not supposed to work, either in this manner or if I were to do the same with SFP28 transceivers as well?

0 Kudos
Wolfgang
Authority
Authority

@jphwtx  Maybe I misunderstand what you want .....Your downlinks between your MHO-140 and your 6200 are now 10G links and you want to change to change these to more with 25/40 or 100G ?

That's not possible. The 6200 appliances doesn't support higher interfaces then 10G.

Indeed you can use 100G for your uplinks. But based on the datasheet you need a lot of 6200 appliance to get the performance of 100G. I know sometimes are requirements to use higher interface rate for physical links but no need for the real throughput of this. 

"a 6200 allows me to configure those ports as interfaces" I think you does not mean the 6200 allows this, it's the SecurityGroup where this interface is configured as uplink. This is allowed but these interface is the uplink between MHO-140 and your local network environment not the downlink.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

You cannot use interface types greater than 10Gbps as downlinks (backplane connectivity) for a 6200.

Uplinks (network attachment of MHO) is an entirely different scenario when you consider an SG typically would see them as Bonds.

With that said exposing a 6200 to 100Gbps of uplink from a dimensioning point of view likely doesn't make sense as you would require many 6200s to support that throughput versus other more appropriately sized appliances.

CCSM R77/R80/ELITE
0 Kudos