Hi all,
What is the best way to connect a Firewall cluster (Checkpoint FW cluster) to a vPC Domain ?
Current Topology is like as below. We are gonna replace Cat6Ks with N7Ks.
FW#1(Active) ----- keepalive for amongt FWs -------- FW#2 (Standby)
I I
I I
I I
I VLAN 100 HSRP on Cat6K Side I
I I
I I
Cat6K#2 -------------------peer keepalive------------------------------Cat6K#2
--------------------- peer link-----------------------------------
I know my options are :
- Connect the FWs to an edge switch which supports etherchannel and connects to vPC domain through that port channel.
- Connect the FWs through two ports (LACP config) to both N7Ks.
- Setup a seperate STP link between N7Ks, configure VLAN 100 on this link and then keep running HSRP on VLAN 100 on both N7ks on this non vPC VLAN.
- Setup the links between N7Ks and FWs as routed links and run a dynamic routing protocol in between.
Thanks in advance.
Dumlu
