https://community.checkpoint.com/t5/Firewall-and-Security-Management/Migrating-interface-behind-bond/m-p/183918#M33747 <P>ClusterXL requires ALL members to be configured identically to work (including interface configuration).<BR />This activity inherently breaks that assumption and clustering won't work until the differences are corrected.<BR />Which means failover won't be possible in the current state.<BR />Further, I don't see how disabling monitoring on eth1 will help since you'll have the same issue when bond0.xx comes online.</P> <P>Bottom line: this activity must be done in a maintenance window.</P> Tue, 13 Jun 2023 18:51:02 GMT PhoneBoy 2023-06-13T18:51:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Migrating-interface-behind-bond/m-p/183905#M33743 <P>Hi there,</P> <P>Although I found lots of posts around same or similar task, but I seem to struggle. I want to migrate one vlan (eth1) behind already existing bond.</P> <P>R80.40 ClusterXL active/standby.</P> <P>Interfaces:</P> <P>eth1</P> <P>bond0.10</P> <P>bond0.20</P> <P>&nbsp;</P> <P>- Standby -&nbsp;clusterXL_admin down</P> <P>- Standby - remove IP from eth1</P> <P>- Standby - add new vlan with IP behind bond (bond0.5)</P> <P>- Smartconsole - update cluster object so that new interface is reflected in configuration</P> <P>- Smartconsole - Push policy</P> <P>- Standby - clusterXL_admin up&nbsp; &nbsp;&lt;&lt;------ keeps down with following error:</P> <P><BR /><EM>Setting member to normal operation ...</EM><BR /><EM>Member current state is DOWN</EM></P> <P><EM>Operation failed: member is still down, please run 'show cluster members pnotes problem' in clish or 'cphaprob list' in expert mode for further details</EM></P> <P>&nbsp;</P> <P>Now the problem seems to be the difference between the number of monitored interfaces.</P> <P>Standby tells "Required interfaces 3" and I have following in the list: bond0.10; bond0.20; sync</P> <P>Active tells "Required interfaces 4" and I have following in the list: eth1;&nbsp;bond0.10;&nbsp;bond0.20;&nbsp;sync</P> <P>&nbsp;</P> <P><SPAN>I know about&nbsp;sk92826, but this would only affect the number of vlans monitored behind bond.</SPAN></P> <P><SPAN>How do I failover when standby doesn't join the cluster? Is there a way to temporarily disable monitoring for eth1?</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 13 Jun 2023 17:31:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Migrating-interface-behind-bond/m-p/183905#M33743 abihsot__ 2023-06-13T17:31:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Migrating-interface-behind-bond/m-p/183918#M33747 <P>ClusterXL requires ALL members to be configured identically to work (including interface configuration).<BR />This activity inherently breaks that assumption and clustering won't work until the differences are corrected.<BR />Which means failover won't be possible in the current state.<BR />Further, I don't see how disabling monitoring on eth1 will help since you'll have the same issue when bond0.xx comes online.</P> <P>Bottom line: this activity must be done in a maintenance window.</P> Tue, 13 Jun 2023 18:51:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Migrating-interface-behind-bond/m-p/183918#M33747 PhoneBoy 2023-06-13T18:51:02Z