Configuring Jumbo Frames

VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. supports Jumbo Frames and lets you configure up to the maximum MTU of the NIC driver.

Jumbo Frames on a Virtual Switch

Configure the MTU of a Virtual SwitchClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW. to enable Jumbo Frames on the Virtual Systems that are connected to the Virtual Switch. When you configure the MTU of the Virtual Switch, all the related Warp Links and interfaces are automatically changed to the new value.

You cannot configure the MTU of a Warp LinkClosed Logical interface that is created automatically in a VSX topology between: (1) Virtual System and Virtual Switch (2) Virtual System and Virtual Router. Acronym: WRP. from the Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS..

To configure Jumbo Frames on a Virtual Switch:

  1. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Target Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. used to manage the Virtual Switch.

  2. From the Gateways & Servers view or Object Explorer, double-click the Virtual Switch object.

  3. From the left tree, click Topology.

  4. In the Interfaces section, select the applicable interface and click Edit.

  5. On the General tab, configure the MTU.

  6. Click OK.

  7. Publish the session.

Jumbo Frames on a Virtual System in Bridge Mode

Configure the MTU of a Virtual System in Bridge ModeClosed Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. to enable Jumbo Frames on the interfaces.

To configure Jumbo Frames on a Virtual System in Bridge Mode:

  1. Connect with SmartConsole to the Security Management Server or Target Domain Management Server used to manage the Virtual System.

  2. From the Gateways & Servers view or Object Explorer, double-click the Virtual System object.

  3. From the left tree, click Topology.

  4. In the Interfaces section, select the applicable interface and click Edit.

  5. On the General tab, configure the MTU.

  6. Click OK.

  7. Publish the session.

  8. Install the applicable policy on the Virtual System object.

Viewing Jumbo Frames Configuration on Security Group Members

Description

Use the Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. command show interface to view the current MTU configuration on Security GroupClosed A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Members.

If the returned MTU value is 9600, then support for Jumbo Frames is enabled on the specified intertface.

Syntax

show interface <Name of Physical Interface> mtu

Example

[Global] MyChassis-ch01-01 > show interface eth0 mtu

mtu 1500

[Global] MyChassis-ch01-01 >

Configuring Support for Jumbo Frames on VSX

  1. Connect with SmartConsole to the Management Server.

  2. Open the Security Group object in VSX mode.

  3. From the left tree, click Topology.

  4. Edit the applicable interface.

  5. On the General tab, configure the valid MTU value (for example, 9600).

  6. Click OK.

  7. Install the policy on the Security Group object.

Disabling Support for Jumbo Frames on VSX

  1. Connect with SmartConsole to the Management Server.

  2. Open the Security Group object in VSX mode.

  3. From the left tree, click Topology.

  4. Edit the applicable interface.

  5. On the General tab, set the valid MTU value (for example, 1500).

  6. Click OK.

  7. Install the policy on the Security Group object.