https://community.checkpoint.com/t5/Firewall-and-Security-Management/Query-on-Configuring-interface-to-be-not-monitored-in-cluster/m-p/125918#M18280 <P>Hi Team ,</P><P>Would like to know if we remove the Monitored interface from the cluster and make it has Private does it loose the VIP and the interface doesn't participate in the cluster anymore ?</P><P><STRONG><U>Setup details :</U></STRONG></P><P>Checkpoint R80.20 in Cluster setup.</P><P><BR />CCP mode: Manual (Unicast)<BR />Required interfaces: 6<BR />Required secured interfaces: 1</P><P><BR />ClusterXL VLAN monitoring per interface:<BR /><BR />Interface | Low VLAN | High VLAN<BR /><BR />eth2-03 | 3XX | 6XX<BR />eth1-01 | 3XX | not configured</P><P>Interface Name: Status:<BR />eth1-01.XXX UP</P><P><BR />Security GW: Lowest and highest VLANs are monitored per interface.</P><P>&nbsp;</P><P><FONT face="arial black,avant garde" color="#003366">Updated</FONT></P><P>-------------------------</P><P class="xxxxxmsonormal"><SPAN>Like Cisco ASA (#no monitor-interface commands) we can disable monitoring from cluster.</SPAN></P><P class="xxxxxmsonormal"><SPAN>But if we configure the Checkpoint with the network type private we cannot assign virtual IP address</SPAN></P><P>Also&nbsp;<SPAN>If we configure interface as Private, <U><STRONG>can we enable RIP/DHCP without issue</STRONG></U> and <U><STRONG>what would be the gateway for downstream device if device get failover ?</STRONG></U></SPAN></P><P class="xxxxxmsonormal"><SPAN>Also confirm are we going to lose VIP if we select network type as Private.</SPAN></P><P class="xxmsonormal"><SPAN>If interface is part of cluster and we do not want to monitor that interface, like Cisco ASA is possible and there might have option in checkpoint as well.</SPAN></P><P class="xxmsonormal">&nbsp;</P><P>Appreciate any response on the above query.</P><P>&nbsp;</P><P>Thanks in advance.</P> Tue, 17 Aug 2021 15:16:35 GMT bookman 2021-08-17T15:16:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Query-on-Configuring-interface-to-be-not-monitored-in-cluster/m-p/125918#M18280 <P>Hi Team ,</P><P>Would like to know if we remove the Monitored interface from the cluster and make it has Private does it loose the VIP and the interface doesn't participate in the cluster anymore ?</P><P><STRONG><U>Setup details :</U></STRONG></P><P>Checkpoint R80.20 in Cluster setup.</P><P><BR />CCP mode: Manual (Unicast)<BR />Required interfaces: 6<BR />Required secured interfaces: 1</P><P><BR />ClusterXL VLAN monitoring per interface:<BR /><BR />Interface | Low VLAN | High VLAN<BR /><BR />eth2-03 | 3XX | 6XX<BR />eth1-01 | 3XX | not configured</P><P>Interface Name: Status:<BR />eth1-01.XXX UP</P><P><BR />Security GW: Lowest and highest VLANs are monitored per interface.</P><P>&nbsp;</P><P><FONT face="arial black,avant garde" color="#003366">Updated</FONT></P><P>-------------------------</P><P class="xxxxxmsonormal"><SPAN>Like Cisco ASA (#no monitor-interface commands) we can disable monitoring from cluster.</SPAN></P><P class="xxxxxmsonormal"><SPAN>But if we configure the Checkpoint with the network type private we cannot assign virtual IP address</SPAN></P><P>Also&nbsp;<SPAN>If we configure interface as Private, <U><STRONG>can we enable RIP/DHCP without issue</STRONG></U> and <U><STRONG>what would be the gateway for downstream device if device get failover ?</STRONG></U></SPAN></P><P class="xxxxxmsonormal"><SPAN>Also confirm are we going to lose VIP if we select network type as Private.</SPAN></P><P class="xxmsonormal"><SPAN>If interface is part of cluster and we do not want to monitor that interface, like Cisco ASA is possible and there might have option in checkpoint as well.</SPAN></P><P class="xxmsonormal">&nbsp;</P><P>Appreciate any response on the above query.</P><P>&nbsp;</P><P>Thanks in advance.</P> Tue, 17 Aug 2021 15:16:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Query-on-Configuring-interface-to-be-not-monitored-in-cluster/m-p/125918#M18280 bookman 2021-08-17T15:16:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Query-on-Configuring-interface-to-be-not-monitored-in-cluster/m-p/125923#M18282 <P>Dynamic routing is currently not supported on cluster member private interfaces per&nbsp;<SPAN>sk116815.</SPAN></P> Sat, 07 Aug 2021 14:21:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Query-on-Configuring-interface-to-be-not-monitored-in-cluster/m-p/125923#M18282 Chris_Atkinson 2021-08-07T14:21:36Z