Configuring VLAN Interfaces on top of a Bond Interface on Uplink Ports
This section shows how to configure VLAN Interfaces on top of a Bond Interface that is configured on Uplink Ports (interfaces on the Quantum Maestro Orchestrator used to connect to external and internal networks). Gaia operating system shows these interfaces in Gaia Portal and in Gaia Clish. SmartConsole shows these interfaces in the corresponding SMO Security Gateway object.
Procedure
- Add the required VLAN tags and assign the Uplink ports to the applicable Security Group

You can perform this step in either Gaia Portal or Gaia Clish of the Quantum Maestro Orchestrator (a scalable Network Security System that connects multiple Check Point Security Appliances into a unified system; synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator; acronym: MHO).
In Gaia Portal

| Step | Instructions |
|---|---|
| 1 | Connect with a web browser to the Gaia Portal on one of the Quantum Maestro Orchestrators. |
| 2 | Add VLAN tags on the applicable Uplink Ports. |
| 3 | |
| 4 | In the bottom left corner, click Apply. |
In Gaia Clish

| Step | Instructions |
|---|---|
| 1 | Connect to the command line on one of the Quantum Maestro Orchestrators. |
| 2 | Log in to the Gaia Clish. |
| 3 | Add VLAN tags on the applicable Uplink Ports. |
| 4 | Assign the applicable Uplink ports to the applicable Security Group. |
| 5 | Verify the new configuration. |
| 6 | Apply the new configuration. |
- Configure the Bond interface and VLAN interfaces on the Bond interface in the Security Group

You can perform this step in either Gaia Portal or Gaia gClish of the Security Group. Gaia gClish is the name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group.
In Gaia Portal

| Step | Instructions |
|---|---|
| 1 | Connect with a web browser to the Gaia Portal of the Security Group. |
| 2 | Configure the Bond interface on top of the Uplink ports. |
| 3 | Add the same VLAN interfaces on the Bond interface, which you added in the Quantum Maestro Orchestrator. |
| 4 | In Gateway mode only: Assign the IP addresses to these VLAN interfaces. Important - In VSX mode, you must assign the IP addresses in SmartConsole in the VSX Gateway object or applicable Virtual System object. |
In Gaia gClish

| Step | Instructions |
|---|---|
| 1 | Connect to the command line of the Security Group. |
| 2 | Log in to the Expert mode. |
| 3 | Go to the Gaia gClish: `gclish` |
| 4 | Configure the Bond interface on top of the Uplink ports. |
| 5 | Add the same VLAN interfaces on the Bond interface, which you added in the Quantum Maestro Orchestrator. |
| 6 | In Gateway mode only: Assign the IP addresses to these VLAN interfaces. Important - In VSX mode, you must assign the IP addresses in SmartConsole in the VSX Gateway object or applicable Virtual System object. |
For more information, see the R81.20 Gaia Administration Guide.
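
The gClish steps 4 to 6 above, written out as an added example that is not taken from the original page. It uses the standard Gaia bonding and interface commands. The bond group ID, the 802.3ad mode, the interface names `eth1-05` and `eth2-05`, VLAN 10 and the address 192.0.2.1/24 are assumed sample values; substitute the Uplink port names and VLAN IDs from your own Orchestrator configuration.

```clish
# Added example; all IDs, interface names, the bond mode and addresses are assumed sample values.
# Run in Gaia gClish of the Security Group (Expert mode, then "gclish").

# Step 4: create the bond on top of the Uplink ports assigned to this Security Group
add bonding group 1
add bonding group 1 interface eth1-05
add bonding group 1 interface eth2-05
set bonding group 1 mode 8023AD

# Step 5: add the same VLAN ID that was tagged on the Uplink ports on the Orchestrator
add interface bond1 vlan 10

# Step 6: Gateway mode only; in VSX mode assign the addresses in SmartConsole instead
set interface bond1.10 ipv4-address 192.0.2.1 mask-length 24

# Check the result before fetching the interfaces in SmartConsole
show bonding group 1
show interface bond1.10
```

The bond name that Gaia reports here (`bond1` in this sketch) is the case-sensitive name to enter in SmartConsole for a VSX Gateway object.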
- Configure the Security Gateway or VSX Gateway object in SmartConsole

- If you already created a Security Gateway object for this Security Group:

| Step | Instructions |
|---|---|
| 1 | Connect with SmartConsole to the Management Server. |
| 2 | From the left navigation panel, click Gateways & Servers. |
| 3 | Open the applicable Security Gateway object. |
| 4 | From the left tree, click Network Management. |
| 5 | Click Get Interfaces > Get Interfaces Without Topology. |
| 6 | Click OK. |
| 7 | Install the Access Control Policy on this Security Gateway object. |
- If you already created a VSX Gateway object for this Security Group:

Note - For more information, see the R81.20 VSX Administration Guide.

| Step | Instructions |
|---|---|
| 1 | Connect with SmartConsole to the Management Server. |
| 2 | From the left navigation panel, click Gateways & Servers. |
| 3 | Open the applicable VSX Gateway object. |
| 4 | From the left tree, click Physical Interfaces. |
| 5 | Click Add. |
| 6 | Add the new Bond interface. Important - Enter the same name (case sensitive) you see in the Gaia settings of this Security Group. |
| 7 | In the VLAN Trunk column, check the box for this Bond interface. |
| 8 | Click OK. |
| 9 | Install the Access Control Policy on this VSX Gateway object. |
| 10 | Configure the VLAN interfaces in the applicable Virtual System. |
| 11 | Install the Access Control Policy on the applicable Virtual System object. |

| Item | Description |
|---|---|
| 1 | Network 1 in VLAN 10 connected to ports on the Networking Device (3). |
| 2 | Network 2 in VLAN 20 connected to ports on the Networking Device (3). |
| 3 | Networking Device (router or switch) that connects your Network 1 and Network 2 to the Quantum Maestro Orchestrators (10 and 12) with Bond interfaces (Link Aggregation). |
| 4 | Bond interface that connects Network 1 to the Quantum Maestro Orchestrators (10 and 12). This Bond interface provides a redundant Uplink connection for the traffic inspected by the Security Appliances (26 and 24) in the applicable Security Group (25). |
| 5 | Bond interface that connects Network 2 to the Quantum Maestro Orchestrators (10 and 12). This Bond interface provides a redundant Uplink connection for the traffic inspected by the Security Appliances (23 and 21) in the applicable Security Group (22). |
| 6 | A DAC cable, Fiber cable (with transceivers), or Breakout cable (an optical fiber cable that contains several jacketed simplex optical fibers that are packaged together inside an outer jacket; synonyms: Fanout cable, Fan-Out cable, Splitter cable) that connects a first slave of the first Bond (4) on the Networking Device (3) to the first Quantum Maestro Orchestrator (10). This cable connects to the Uplink port 3 (interface |
| 7 | A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a second slave of the first Bond (4) on the Networking Device (3) to the first Quantum Maestro Orchestrator (12). This cable connects to the Uplink port 3 (interface |
| 8 | A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a first slave of the second Bond (5) on the Networking Device (3) to the second Quantum Maestro Orchestrator (10). This cable connects to the Uplink port 9 (interface |
| 9 | A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a second slave of the second Bond (5) on the Networking Device (3) to the second Quantum Maestro Orchestrator (12). This cable connects to the Uplink port 9 (interface |
| 10 | First Quantum Maestro Orchestrator. |
| 11 | A DAC that connects the dedicated Synchronization ports 32 on the Quantum Maestro Orchestrators (10 and 12). |
| 12 | Second Quantum Maestro Orchestrator. |
| 13-20 | DAC cables, Fiber cables (with transceivers), or Breakout cables that connect Downlink ports on Quantum Maestro Orchestrators to the Security Appliances. Downlink ports are interfaces on the Quantum Maestro Orchestrator used to connect to Check Point Security Appliances. You use DAC cables, Fiber cables (with transceivers), or Breakout cables to connect between the Downlink ports and Security Appliances. The Check Point Management traffic (policy, logs, synchronization, and so on) co-exists with the data (user) traffic on the Downlink ports. Bandwidth is guaranteed for the Check Point Management traffic (portion of the downlink bandwidth). These ports form the system backplane (management, data plane, synchronization). |
| 21-23 | All Security Appliances assigned to the Security Group 2. |
| 24-26 | All Security Appliances assigned to the Security Group 1. |

| Step | Instructions |
|---|---|
| 1 | Configure the required settings on one of the Quantum Maestro Orchestrators: |
| 2 | Configure the required settings in the Security Group 1: |
| 3 | Configure the required settings in the Security Group 2: |
| 4 | In SmartConsole, add the new interface ( |