CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: checkpoint cluster and router with vrrp

  1. #1
    Join Date
    2006-11-05
    Posts
    44
    Rep Power
    0

    Default checkpoint cluster and router with vrrp

    Hi,
    Would like to know some inputs.....

    i have a checkpoint cluster installed using 4400 appliance, at the same time, i have a routers with VRRP configured,

    Is it necessary to connect a L2 switch between appliance and firewall, or can i connect directly - cross connections for redundancy.

  2. #2
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Default Re: checkpoint cluster and router with vrrp

    Plug together using a L2 Switch.

    FW1 and FW2 interfaces need to be able to send VRRP packets between each other so they have to be able to see each other.

    ie FW1 External interface sends out VRRP updates on the LAN. This is recieved on the FW2 External Interface and FW2 see's that FW1 has a higher priority and so FW1 should be Master. FW2 therefore remains as Backup. If FW2 does not get the VRRP updates from FW1 then it sees that itself is the higher priority and so will become Active.

    If you connect FW1 to Router1 directly then FW1 and FW2 External Interface cannot see each other, so would get an Active-Active scenario.

    If your Router as a Switch built into it, ( like consumer home broadband routers do ) so that can have multiple interfaces in the same VLAN then you could.

    Router1 to Router2 Direct.
    R1 to FW1 Direct
    R2 to FW2 Direct

    FW1 to FW2 therefore goes

    FW1 External into R1 Switch, R1 Switch across to R2 Switch, R2 Switch into FW2 External.

    However you MUST have this switch capability built into the Router.

Similar Threads

  1. VPN with Checkpoint VSX (Virtual Router)
    By akhtar.samo in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2013-01-31, 08:24
  2. Checkpoint VPN behind Cisco Router.help me!
    By ctlam in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2012-09-14, 02:26
  3. Converting static NAT from Cisco router to checkpoint
    By maddy_24 in forum NAT (Network Address Translation)
    Replies: 7
    Last Post: 2010-03-01, 02:16
  4. Router Transitioned to VRRP Master
    By ntxploits in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 5
    Last Post: 2009-07-27, 03:40
  5. 3G Router and Checkpoint VPN
    By n1koolkat in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2009-03-03, 14:31

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •