https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169528#M30702 <P>Hello Phoneboy,</P> <P>starting from 81.10 it seems that is possible to configure loopback:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794</A></P> <P>that procedure looks very bad to me because of any new "Get interfaces with/without topology" will invalidate/delete the manually added Loopback interface in Cluster object under network management.</P> <P>&nbsp;</P> <P>i've submitted a feedback to sk.</P> <P>any idea on your side?</P> Sun, 29 Jan 2023 16:32:12 GMT CheckPointerXL 2023-01-29T16:32:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/16158#M1184 <HTML><HEAD></HEAD><BODY><P>Hello mates!</P><P>CP recommends when configuring OSPF, set a loopback interface different from 127.0.0.1 ... If we have a ClusterXL, we can set the same @ip in a new loopback interface on both firewalls and set this ip as Router ID or we must maintain the default configuration? Thanks in advance!</P></BODY></HTML> Tue, 13 Nov 2018 19:22:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/16158#M1184 Jose_Luis_Calle 2018-11-13T19:22:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/16159#M1185 <HTML><HEAD></HEAD><BODY><P>The Router ID should be configured to one of the cluster IP addresses.</P><P>It should be configured this way on all cluster members.</P><P>This is explicitly stated here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95968" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95968">OSPF on Gaia</A>&nbsp;</P></BODY></HTML> Fri, 16 Nov 2018 19:48:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/16159#M1185 PhoneBoy 2018-11-16T19:48:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169528#M30702 <P>Hello Phoneboy,</P> <P>starting from 81.10 it seems that is possible to configure loopback:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794</A></P> <P>that procedure looks very bad to me because of any new "Get interfaces with/without topology" will invalidate/delete the manually added Loopback interface in Cluster object under network management.</P> <P>&nbsp;</P> <P>i've submitted a feedback to sk.</P> <P>any idea on your side?</P> Sun, 29 Jan 2023 16:32:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169528#M30702 CheckPointerXL 2023-01-29T16:32:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169535#M30705 <P>Why would you make a loopback for this? The router ID is not an IP address. It's just a number. All members of a cluster must use the same number, but it doesn't need to have any relation to any interface. You can use router IDs like 0.0.0.1 which are not valid IP addresses.</P> Sun, 29 Jan 2023 21:56:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169535#M30705 Bob_Zimmerman 2023-01-29T21:56:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169537#M30707 <P>I agree with you but i've simply followed admin guide....&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Gaia_Advanced_Routing_AdminGuide/Topics-GARG/OSPF-Configuring-Router-ID.htm?Highlight=Router%20id" target="_blank" rel="noopener noreferrer">https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Gaia_Advanced_Routing_AdminG...</A></P> <P>Use an address on a loopback interface that is not the loopback IPv4 address 127.0.0.1</P> <P>Important:</P> <P>In a cluster, you must configure the Router ID to one of the Cluster Virtual IP addresses.</P> <P>&nbsp;</P> <P>So where is the truth?</P> <P>&nbsp;</P> <P>"<SPAN>but it doesn't need to have any relation to any interface."</SPAN></P> <P><SPAN>This statement seems to be very far compared to documentation/admin guide/SKs</SPAN></P> Sun, 29 Jan 2023 22:28:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169537#M30707 CheckPointerXL 2023-01-29T22:28:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169547#M30715 <P>I have customers that do each method successfully (Loopbacks or bonds - not VSX).&nbsp;</P> <P>Traditional network folk like Loopbacks because they should never go down, historically differing vendor implementations could do odd things when ID values are tied to physical interfaces so habits were formed to avoid gotchas.</P> Mon, 13 Feb 2023 01:29:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/loopback-interface-as-Router-ID-in-a-Cluster-XL-configuration/m-p/169547#M30715 Chris_Atkinson 2023-02-13T01:29:15Z