CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: VRRP setup on a Checkpoint firewall

  1. #1
    Join Date
    2006-07-13
    Location
    Belfast
    Posts
    128
    Rep Power
    15

    VRRP setup on a Checkpoint firewall

    Hello,

    My Checkpoint R70 firewall is a Model IP690.

    I have 2 routers which sit outside my network that I want to connect directly into the Checkpoint firewall. CPE Router 1 is the active router and CPE Router 2 is the secondary. I have HSRP installed between CPE Router 1 and CPE Router 2. CPE Router 1, CPE Router 2 and the HSRP IP addresses are all on the same subnet. They will both talk to the same servers inside my Checkpoint firewall and I have the rules on SmartDashboard to talk to the servers.

    So I have cabled CPE Router 1 into slot eth-s1p1 (B) on my firewall and CPE2 into slot eth-s3p3 (D).

    Q. Do I need to have VRRP on the Checkpoint to make this scenario work?

    Or will I need a switch between the Checkpoint and the Routers?

    thanks for any advice

    regards,
    Kevin

  2. #2
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Re: VRRP setup on a Checkpoint firewall

    VRRP is for when you are running 2 Check Point appliances in an HA scenario. From your scenario there is 1 IP690 with 2 CPE Routers attached.

    You should disconnect the 2 CPE Routers from the Firewall, and place a Network Switch / VLAN as a segment to use for the connection between the IP690 and the 2 CPE devices.

  3. #3
    Join Date
    2006-07-13
    Location
    Belfast
    Posts
    128
    Rep Power
    15

    Re: VRRP setup on a Checkpoint firewall

    Thanks for the advice - just curious, but why do I need to have a switch between the routers and the firewall?

    Kevin

  4. #4
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Re: VRRP setup on a Checkpoint firewall

    The HSRP traffic needs to be able to get between the two Routers. If you plug them both into the Firewall then you effectively place a Router with an Access List on it between the two Routers, and the two interfaces on the Firewall need to be in separate networks so you cannot pass the HSRP traffic between the two Routers.

    By placing a Switch to connect them up then the Firewall has 1 interface to talk to the HSRP IP on the Routers and the Switch allows the two routers to talk to themselves.

  5. #5
    Join Date
    2006-07-13
    Location
    Belfast
    Posts
    128
    Rep Power
    15

    Re: VRRP setup on a Checkpoint firewall

    Thanks for your help. I plugged the two routers into a switch which then plugged into the firewall and HSRP works fine.

    Cheers
    Kevin
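
The reason given in post #4, shown at packet level as an added example that is not part of the original thread. It assumes HSRP version 1 as specified in RFC 2281 (the thread does not state the version): hellos go to 224.0.0.2 on UDP port 1985 with TTL 1. All addresses are constructed documentation-range samples, and the function names are hypothetical.

```python
import ipaddress
import struct

HSRP_GROUP_ADDR = ipaddress.ip_address("224.0.0.2")      # all-routers multicast (RFC 2281)
HSRP_UDP_PORT = 1985
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # never forwarded by a router

def build_ipv4_udp(src, dst, ttl, dport, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + UDP + payload."""
    udp = struct.pack("!HHHH", dport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + udp

def hsrp_hello(virtual_ip, group=1, priority=100):
    """HSRPv1 body: version 0, opcode 0 (hello), state 16 (active), hello 3 s,
    hold 10 s, priority, group, reserved, 8-byte auth (RFC default), virtual IP."""
    return struct.pack("!BBBBBBBB8s4s", 0, 0, 16, 3, 10, priority, group, 0,
                       b"cisco\x00\x00\x00", ipaddress.ip_address(virtual_ip).packed)

def is_hsrp(packet):
    """True if the packet is UDP/1985 addressed to the HSRPv1 group address."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:                                   # protocol 17 = UDP
        return False
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return dport == HSRP_UDP_PORT and ipaddress.ip_address(packet[16:20]) == HSRP_GROUP_ADDR

def routed_hop_decision(packet):
    """(forwarded, reason) for a layer-3 hop such as a firewall with each
    router on a separate interface. A switch is layer 2 and skips these checks."""
    ttl = packet[8]
    dst = ipaddress.ip_address(packet[16:20])
    if dst in LINK_LOCAL_MCAST:
        return False, f"{dst} is link-local multicast and stays on its segment"
    if ttl <= 1:
        return False, "TTL expires at this hop"
    return True, "eligible for routing, subject to the rulebase"

if __name__ == "__main__":
    # Constructed samples: router 192.0.2.2 advertising virtual IP 192.0.2.1,
    # and an ordinary unicast flow to an inside server.
    hello = build_ipv4_udp("192.0.2.2", "224.0.0.2", 1, HSRP_UDP_PORT, hsrp_hello("192.0.2.1"))
    data = build_ipv4_udp("192.0.2.2", "198.51.100.10", 64, 443, b"")
    for name, pkt in (("HSRP hello", hello), ("unicast to server", data)):
        print(name, is_hsrp(pkt), routed_hop_decision(pkt))
```

With both routers on one switch, the hellos reach the peer at layer 2 and the firewall only handles the routed traffic sent to the HSRP virtual IP.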
