Table of Contents
Advertisement
eth-s2p1, eth-s2p2, eth-s2p3, eth-s2p4, eth-s2p5, eth-s2p6, eth-s2p7, eth-s2p8, eth-s2p9, eth-
s2p10, eth-s2p11, eth-s2p12
Since the ADP interface names are not exactly the same as other PMC NIC interface names, you
need to reconfigure your appliance when you replace PMC NICs with an ADP module or an
ADP module with PMC NICs.
Configuring Network Topology with an IP2450 Appliance
There are several constraints that are relevant to your network topology after you install an ADP
module in an IP2450 appliance that are also relevant to the interaction of ADP interfaces and
NIC interfaces.
When you install an ADP module in an IP2450 appliance, Check Point recommends that you
configure your network so that your appliance does not forward traffic between ADP interfaces
and PMC NIC interfaces even if the NIC interfaces are Gigabit Ethernet. Using a configuration
of this type can significantly degrade throughput due to the need for packets to traverse multiple
PC backplane buses.
When you install an ADP module in an IP2450 appliance, the network processor in the module
performs all VPN encryption and decryption, even for VPN packets that are sent through PMC
NIC interfaces. The built-in Check Point encryption accelerator continues to accelerate IKE
traffic but does not perform any other processing. If VPN traffic is sent through a NIC interface,
throughput is negatively affected because the packets must transit the IP2450 appliance
backplane to reach the network processor in the ADP module. Check Point recommends that
you configure your VPNs to use only ADP interfaces to avoid this performance loss.
Configuration Example with VRRP
This example describes the steps required to install an ADP module in an IP2450 appliance with
VRRP configured. The following figure shows the Interface Configuration page of the platform
before an ADP module is installed.
Check Point IP2450 Security Platform Installation Guide
Configuring Check Point IPSO for IP2450 ADP Interfaces
77
Advertisement
Table of Contents
