https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170878#M30949 <P>Hey Chris, also for cluster, solution provided by&nbsp; <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794" target="_blank" rel="noopener">sk117794</A>&nbsp; (linked from sk95968 @ point 4) ) seems to be very <STRONG>dangerous</STRONG>.</P> <P>Like i said inside SR&nbsp;6-0003534450, any new get interface with/without topology will invalidate/delete the manually created loopback interface. The behaivoir is confirmed and no solution provided (it works by design).</P> <P>so, if you add new interface/vlan and you forgot to add loopback interface again, i suppose OSPF/BGP process will be disrupted because of new Router-ID needs to be selected</P> <P>I've opened a RFE number&nbsp;<STRONG>hT5Nxy49E</STRONG></P> Thu, 09 Feb 2023 17:46:10 GMT CheckPointerXL 2023-02-09T17:46:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170813#M30930 <P>I have Quantum 6700 appliances running as VSX cluster and I have configured loopback interface with an IPv4 address.&nbsp;<BR /><BR />This works perfectly for like 1-2 days. Then suddenly this IPv4 address drops out of the FW's routing table and no longer works.&nbsp;<BR /><BR />When I run "show interfaces all" it shows the loop00 interface correctly with the IP address. But there is nothing regarding this IP in the routing table after 1-2 days.&nbsp;<BR /><BR />Why is it dissappearing from routing table after some hours?</P> Thu, 09 Feb 2023 07:00:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170813#M30930 Gombodorj 2023-02-09T07:00:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170815#M30931 <P>Which version and JHF is used for this VSX gateway - R81.10 JHF Take ?</P> <P>&nbsp;</P> <P>Refer also:</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794" target="_self">[sk117794] OSPF configured on a loopback interface is not added to OSPF database in Cluster on Gaia OS</A>&nbsp;</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108848" target="_self">[<SPAN>sk108848]&nbsp;</SPAN><SPAN>Output of "cphaprob -a if" command shows a Loopback interface as "Down" on all cluster members</SPAN></A></P> Mon, 13 Feb 2023 01:17:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170815#M30931 Chris_Atkinson 2023-02-13T01:17:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170816#M30932 <P>I'm using R81.10 JHF Take 79 on the VSX gateway. The way I do it is as follows:<BR /><BR />1. set vsx off<BR />2. add interface lo loopback X.X.X.X/32<BR />3. set vsx on&nbsp;<BR />4. save config</P><P>&nbsp;</P><P>As I said before after this IP address drops out of routing table. I have to do the above configuration again to make it come up.</P> Thu, 09 Feb 2023 08:12:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170816#M30932 Gombodorj 2023-02-09T08:12:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170817#M30933 <P>This method of adding interfaces in VSX isn't supported per responses to your previous <A href="https://community.checkpoint.com/t5/Security-Gateways/Loopback-interface-on-VSX-virtual-system/m-p/167137#M30936" target="_self">post</A>&nbsp;on a similar topic.&nbsp;</P> <P>To be clear the loopback is present/defined in the Virtual System topology in SmartConsole?</P> Thu, 09 Feb 2023 08:33:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170817#M30933 Chris_Atkinson 2023-02-09T08:33:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170818#M30934 <P>I thought that you can't use loopback interface (aside from lo 127.0.0.1) on smartconsole. On the topology pane of the gateway object, if I try to like define loop00 interface with IP address, it shows error.<BR /><BR />Can you explain about how can I check it?</P> Thu, 09 Feb 2023 08:19:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170818#M30934 Gombodorj 2023-02-09T08:19:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170819#M30935 <P>R81.10 introduced:</P> <UL> <LI>Use a loopback interface with Dynamic Routing in ClusterXL environments.</LI> </UL> <P>This mandates that the Loopbacks are defined in the Gateway topology, I assume the same is true also for VSX Virtual Systems but will check and revert that this is also supported or not.</P> Thu, 09 Feb 2023 08:33:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170819#M30935 Chris_Atkinson 2023-02-09T08:33:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170821#M30939 <P>I'm using this method on the VSX gateway itself, I also just tried making a interface named loop00 on the topology pane. It shows illegal error.&nbsp;<BR /><BR />Is there a mechanism like looks up the topology and uses this information for the routing table? If so I suspect that whatever that mechanism is invalidating my loopback interface C route because it doesn't exist in the topology. How can I define loopback interface in smartconsole?</P> Thu, 09 Feb 2023 08:33:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170821#M30939 Gombodorj 2023-02-09T08:33:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170822#M30940 <P>As above I will confirm pending confirmation that it is supported the same as it is on a regular cluster.</P> Thu, 09 Feb 2023 08:40:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170822#M30940 Chris_Atkinson 2023-02-09T08:40:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170878#M30949 <P>Hey Chris, also for cluster, solution provided by&nbsp; <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117794" target="_blank" rel="noopener">sk117794</A>&nbsp; (linked from sk95968 @ point 4) ) seems to be very <STRONG>dangerous</STRONG>.</P> <P>Like i said inside SR&nbsp;6-0003534450, any new get interface with/without topology will invalidate/delete the manually created loopback interface. The behaivoir is confirmed and no solution provided (it works by design).</P> <P>so, if you add new interface/vlan and you forgot to add loopback interface again, i suppose OSPF/BGP process will be disrupted because of new Router-ID needs to be selected</P> <P>I've opened a RFE number&nbsp;<STRONG>hT5Nxy49E</STRONG></P> Thu, 09 Feb 2023 17:46:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/170878#M30949 CheckPointerXL 2023-02-09T17:46:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/171153#M31007 <P>Confirmed: Loopback interfaces are <STRONG><U>not</U></STRONG>&nbsp;currently supported with VSX up to and including R81.20,&nbsp;<SPAN>sk79700 has been updated accordingly.</SPAN></P> <P><SPAN>Depending on the specific requirement there are possibly other work arounds available (Dummy DMZ interface or VLAN etc).&nbsp;</SPAN></P> <P><SPAN>This is otherwise an RFE that you should discuss with your local SE if critical.</SPAN></P> Tue, 14 Feb 2023 12:42:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/171153#M31007 Chris_Atkinson 2023-02-14T12:42:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/252667#M49464 <P>In the current day there are now additional options available depending on the use case:</P> <UL class="lia-list-style-type-circle"> <LI>VSNext (R82 and higher)</LI> <LI>NAT Pools</LI> </UL> Mon, 07 Jul 2025 10:51:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Loopback-interface-is-going-out-of-routing-table/m-p/252667#M49464 Chris_Atkinson 2025-07-07T10:51:35Z