CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of Check Point.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Results 1 to 3 of 3

Thread: Clusterxl and mc-lag

  1. #1
    Join Date
    2013-10-15
    Posts
    7
    Rep Power
    0

    Default Clusterxl and mc-lag

    Hi,

    We are planning to buy a new core switch(ex9208) so we have a pair of Core Switch. Right now we have clusterxl of 2 checkpoint 12000 connect to one core switch and there's no problem With the current topology(1 core switch), the core know/have the standby/active/vip mac so the core know where to forward the traffic. In switch theres a feature mc-lag allow 1 device/switch/server connect to pair of core switch and have a active/active link. What i want is, it is possible to do clusterxl active/standby with mc-lag to pair of core switch ? Can i just config lacp/bond in the gateway and mc-lag in the core ?

    Thx.

  2. #2
    Join Date
    2007-06-04
    Posts
    3,186
    Rep Power
    13

    Default Re: Clusterxl and mc-lag

    If understood then MC-LAGG on Juniper EX9208 is Multichassis Link Aggregation.

    Not an expert on Junipers however from reading then I don't see where this would be a problem with the Check Point. Just make sure that create the Bond on the Check Point using LACP/802.3ad as opposed to the defaults.

    You then use the MC-LAGG feature to create bonded interface between two interfaces on the separate Core Switches so that the Check Point see's a bonded link as well.

    The MC-LAGG should then permit the Switch to handle having the MAC etc seen on both switches etc which is the purpose of MC-LAGG.

    Would expect this to be transparent to the Check Point in reality.

  3. #3
    Join Date
    2013-10-15
    Posts
    7
    Rep Power
    0

    Default Re: Clusterxl and mc-lag

    Quote Originally Posted by mcnallym View Post
    If understood then MC-LAGG on Juniper EX9208 is Multichassis Link Aggregation.

    Not an expert on Junipers however from reading then I don't see where this would be a problem with the Check Point. Just make sure that create the Bond on the Check Point using LACP/802.3ad as opposed to the defaults.

    You then use the MC-LAGG feature to create bonded interface between two interfaces on the separate Core Switches so that the Check Point see's a bonded link as well.

    The MC-LAGG should then permit the Switch to handle having the MAC etc seen on both switches etc which is the purpose of MC-LAGG.

    Would expect this to be transparent to the Check Point in reality.
    Thx, thats what i think too. Hope this right

Similar Threads

  1. FIB and ClusterXL
    By cciesec2006 in forum Dynamic Routing
    Replies: 9
    Last Post: 2011-02-27, 16:11
  2. ClusterXL is not responding
    By jiehong in forum SmartView Monitor
    Replies: 3
    Last Post: 2011-01-07, 10:24
  3. Need help with ClusterXL problem
    By cciesec2006 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 6
    Last Post: 2007-12-12, 23:19
  4. NGX HA *without* ClusterXL
    By brixo in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2007-05-30, 09:50
  5. ClusterXL is for FW-1 and VPN-1?
    By ppnair@gmail.com in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2007-01-30, 14:57

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •