Hey Networking Experts,
I am looking at a couple of Checkpoint Firewalls in HA deployment, and maybe someone can illuminate whether this unique behavior is expected, or not expected, because it doesn't seem to make sense.
They share a single VIP (two CheckPoint Firewalls in HA), but don't appear to share a single Virtual MAC address, so when there is a failover, the (at the time) secondary has to send out a GARP for the new MAC address for their VIP. This is a completely different behavior from what I am accustomed to with FirePower Firewalls, which share both a single VIP and Virtual MAC.
Is the shared VIP and unique MAC addresses of the CheckPoint Firewalls (after a failover) an expected behavior for these devices, or should they share both a VIP and a Virtual MAC like seen on Cisco Firewalls?
Can they be configured to use a single Virtual MAC?
- Thanks Reddit Pro Team