cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
632
Views
0
Helpful
0
Replies
Highlighted
Explorer

Recommendation for NX7009 - Checkpoint FW topology?

We have a pair of NX7009 and a pair of Checkpoint 12600. I'm new to Checkpoint. Is active/passive the best practice for high availability on Checkpoint? I know it can also run in active/active mode.

One NX7009 will have a connection to one Checkpoint, and the 2nd NX7009 will have a connection to the other Checkpoint. If running active/passive between the pair of Checkpoint, and we want to have Layer 2 trunk between NX7009 and Checkpoint, should we put the two ports (one on each NX7009) into VPC? I'm not sure if that will work since Checkpoint only knows on active connection in active/passive mode.

If we keep the same NX7009 to Checkpoint connections (one NX7009 to one Checkpoint and the other NX7009 to the 2nd Checkpoint), but like to make the connection as Layer 3 between Checkpoint and NX-7009 pair, what's the recommendation in that topology? I know it's not recommended to make NX7009 VPC port-channel as Layer 3.

Thanks for any suggestion

Everyone's tags (5)
This widget could not be displayed.