Recommendation for NX7009 - Checkpoint FW topology?
We have a pair of NX7009 and a pair of Checkpoint 12600. I'm new to Checkpoint. Is active/passive the best practice for high availability on Checkpoint? I know it can also run in active/active mode.
One NX7009 will have a connection to one Checkpoint, and the 2nd NX7009 will have a connection to the other Checkpoint. If running active/passive between the pair of Checkpoint, and we want to have Layer 2 trunk between NX7009 and Checkpoint, should we put the two ports (one on each NX7009) into VPC? I'm not sure if that will work since Checkpoint only knows on active connection in active/passive mode.
If we keep the same NX7009 to Checkpoint connections (one NX7009 to one Checkpoint and the other NX7009 to the 2nd Checkpoint), but like to make the connection as Layer 3 between Checkpoint and NX-7009 pair, what's the recommendation in that topology? I know it's not recommended to make NX7009 VPC port-channel as Layer 3.
Here are some commonly asked questions and answers to help with your adoption of Cisco ACI solution. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
Join us for this #CiscoChat focused on how you can unlock the power of your hybrid cloud infrastructure. A panel of Cisco and industry experts will discuss Cisco’s hybrid cloud strategy and dive deep into the future-ready infrastructure behind it all.