Anyone with experience with this, please make comments:
Will the 5060 will forward traffic with a multicast destination MAC address and unicast IP address?
The traffic from the Checkpoints to the Internet VRF should be unicast MAC addresses, but the traffic from the Internet VRF to the Checkpoints will be using a MAC address which is a group/multicast MAC address. This is a requirement of the load sharing cluster on the Checkpoint. The easiest way to put the PAN inline is to do layer-2 between the Checkpoints and the PAN. Basically we’d move the interface on the Internet VRF to a new VLAN and use the PAN to bridge it to the new VLAN.
We would certainly like to hear from anyone who has put a PAN upstream of their enterprise Checkpoint cluster and how it worked out.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!