303
Views
0
Helpful
2
Replies
BHconsultants88
Beginner

Check Point firewall entries in Cisco ARP table

Hi everyone


This is probably a simple one, so apologies in advance. I have a Check Point 5800 HA cluster in a Data Centre and, following some work on a Cisco Nexus, I looked at the ARP table and saw the following for my firewalls:


Internet 19.23.13.140 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0 (CP VRRP)
Internet 19.23.13.141 0 001c.7f81.13a8 ARPA GigabitEthernet0/0/0 (CP 1 interface)
Internet 19.23.13.142 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0 (CP 2 interface)


Can someone tell me why the CP2 MAC address is the same as the CP VRRP one? I was thinking that CP2 is acting as the master, but I would appreciate it if this could be confirmed.


Many thanks

2 REPLIES
balaji.bandi
VIP Expert

Yes, that is normal. What deployment is this: ClusterXL, Secure, or what mode?


Do you see any issue? What is the Nexus-side config, vPC?

BB


*** Rate All Helpful Responses ***

kka
Contributor

Using the interface MAC for the cluster IP has the disadvantage that the ARP entry on all devices using this cluster IP as gateway has to be updated in case of a failover. Although the Check Point floods gratuitous ARP from the active node to update the tables on all connected devices, we have seen this not working on some older devices. These lose connectivity for routed traffic until they update their ARP table several minutes later.

 

(Newer) Check Point supports VMAC as a "shared" cluster MAC. This VMAC is moved to the active node IF, similar to HSRP or VRRP.
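The two points raised in this thread (the cluster IP sharing the MAC of whichever member is active, and routers holding a stale ARP entry after a failover when gratuitous ARP is not honoured) can be checked from the router side with a small script. The following is an added example, not code from the thread or from Check Point or Cisco. It parses `show ip arp` style lines, uses the three IPs from the original post as the first snapshot, and adds two constructed snapshots of its own: one after a hypothetical failover to the other member, and one for a hypothetical VMAC deployment with a made-up virtual MAC. The helper names (`parse_arp`, `active_member`, `failover_changes`) are my own.

```python
import re

# Snapshot 1: the three entries as posted in the question (annotations dropped).
ARP_BEFORE = """\
Internet 19.23.13.140 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0
Internet 19.23.13.141 0 001c.7f81.13a8 ARPA GigabitEthernet0/0/0
Internet 19.23.13.142 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0
"""

# Snapshot 2 (constructed): the same table after a hypothetical failover.
# The cluster IP .140 now resolves to the MAC of the .141 member.
ARP_AFTER = """\
Internet 19.23.13.140 0 001c.7f81.13a8 ARPA GigabitEthernet0/0/0
Internet 19.23.13.141 0 001c.7f81.13a8 ARPA GigabitEthernet0/0/0
Internet 19.23.13.142 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0
"""

# Snapshot 3 (constructed): a hypothetical VMAC deployment. The virtual MAC
# value below is a placeholder, not a real Check Point VMAC.
ARP_VMAC = """\
Internet 19.23.13.140 0 00aa.bbcc.dd01 ARPA GigabitEthernet0/0/0
Internet 19.23.13.141 0 001c.7f81.13a8 ARPA GigabitEthernet0/0/0
Internet 19.23.13.142 0 001c.7f81.0908 ARPA GigabitEthernet0/0/0
"""

# One "show ip arp" row: protocol, IP, age, MAC (Cisco dotted form), type, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {ip: (mac, interface)} from router ARP output, ignoring lines that
    do not look like ARP rows (headers, annotations, blank lines)."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries[m["ip"]] = (m["mac"].lower(), m["intf"])
    return entries


def active_member(entries, cluster_ip, member_ips):
    """Which member's physical IP shares the cluster IP's MAC? Returns that member IP,
    or None if the cluster IP is missing or its MAC matches no single member. The None
    case is what a VMAC deployment looks like: the cluster IP carries its own MAC."""
    if cluster_ip not in entries:
        return None
    vip_mac = entries[cluster_ip][0]
    owners = [ip for ip in member_ips if ip in entries and entries[ip][0] == vip_mac]
    return owners[0] if len(owners) == 1 else None


def failover_changes(before, after, cluster_ip):
    """Compare two snapshots taken before and after a failover. If 'moved' is False
    although the active member changed, this router kept a stale entry, i.e. the
    gratuitous ARP from the new active node was not applied."""
    old = before.get(cluster_ip, (None, None))[0]
    new = after.get(cluster_ip, (None, None))[0]
    return {"cluster_ip": cluster_ip, "old_mac": old, "new_mac": new, "moved": old != new}


if __name__ == "__main__":
    vip, members = "19.23.13.140", ["19.23.13.141", "19.23.13.142"]
    before, after, vmac = parse_arp(ARP_BEFORE), parse_arp(ARP_AFTER), parse_arp(ARP_VMAC)
    print("active member (posted table):", active_member(before, vip, members))
    print("active member (after failover):", active_member(after, vip, members))
    print("active member (VMAC table):", active_member(vmac, vip, members))
    print(failover_changes(before, after, vip))
```

Run against the posted table, `active_member` reports 19.23.13.142 as the owner of the cluster MAC, which is the "CP2 is master" reading from the question. Taking a snapshot on each gateway-facing router before and after a planned failover and feeding both to `failover_changes` shows which routers updated their ARP entry and which ones are the "older devices" that keep the stale MAC until their cache ages out.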