https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/159754#M28053 <P>I believe this is supposed to NAT behind the cluster address, as you can see here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk169672&amp;partition=Advanced&amp;product=ClusterXL" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk169672&amp;partition=Advanced&amp;product=ClusterXL</A><BR />In any case, I suspect this is a bug and the TAC will be needed to assist with this.</P> Mon, 17 Oct 2022 18:43:25 GMT PhoneBoy 2022-10-17T18:43:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/159745#M28048 <P>Hi Mates,</P> <P>target: establish GRE Tunnel between a R81.10 Cluster and&nbsp; a Linux Server by following <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk169794&amp;partition=Advanced&amp;product=Quantum#Cluster" target="_self">sk169794</A>&nbsp;</P> <P>Issue: in the underlay traffic (local IPs) always the cluster members IP is answering and not the Cluster IP!<BR />In the screenshot you can see the remote peer 192.168.2.1 tries to reach the CP Cluster IP with 192.168.1.1 but the CP Member IP with 192.168.1.2 is answering. Is this by design? </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 640px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/18149i6A25495E04D36BB8/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>With this the GRE is not working because we assume the Remote System doesn't know what to do with the cluster members IP. When we set it up like a single GRE it works!</P> <P>KR<BR />David</P> <P>&nbsp;</P> Mon, 17 Oct 2022 15:30:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/159745#M28048 D_W 2022-10-17T15:30:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/159754#M28053 <P>I believe this is supposed to NAT behind the cluster address, as you can see here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk169672&amp;partition=Advanced&amp;product=ClusterXL" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk169672&amp;partition=Advanced&amp;product=ClusterXL</A><BR />In any case, I suspect this is a bug and the TAC will be needed to assist with this.</P> Mon, 17 Oct 2022 18:43:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/159754#M28053 PhoneBoy 2022-10-17T18:43:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/175920#M32135 <P>Just wanted to give an update about the TAC case... TAC is still in research <span class="lia-unicode-emoji" title=":sneezing_face:">🤧</span></P> Thu, 23 Mar 2023 14:41:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/175920#M32135 D_W 2023-03-23T14:41:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/178473#M32694 <P>Just wanted to update:<BR />We needed an own NAT Rule so that the response from the ClusterMembers are changed to the ClusterVIP.<BR />That was the first we tried but however the NAT rule took a few hours till it matched/become active <span class="lia-unicode-emoji" title=":confounded_face:">😖</span></P> Wed, 19 Apr 2023 11:57:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/GRE-in-Cluster-environment/m-p/178473#M32694 D_W 2023-04-19T11:57:28Z