https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/249510#M48730 <P>Hello</P> <P>Is it possible to disable an interface that is part of a VSX Cluster?</P> <P>I have a lab environment, where the Eth2 interface is the SYNC interface between my VSX1 and VSX2 box</P> <P>My Cluster does not “wake up”, and emphasizes that the problem is the Eth2 interface</P> <P>I have done everything at VMWARE level but I still can't fix it</P> <P>I want to logically shut down the Eth2 interface from each box</P> <P>Is this possible?</P> <P>Could you guide me with the steps to follow?</P> <P>Thanks</P> Wed, 21 May 2025 15:04:18 GMT Matlu 2025-05-21T15:04:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202410#M38092 <P>Hi All,</P><P>We're aware on how to remove an interface on a VS by using the&nbsp;vsx_provisioning_tool; but what would be the best way to just disable a bond "sub-interface" on a VS -in a VSX cluster.</P><P>Is it by using the below commands:</P><P>On VSX member 1 (where our VS is active)</P><P><STRONG><FONT face="courier new,courier">set vsx off</FONT></STRONG></P><P><STRONG><FONT face="courier new,courier">set interface bond2.15&nbsp;state off</FONT></STRONG></P><P><STRONG><FONT face="courier new,courier">set vsx on</FONT></STRONG></P><P><SPAN>And repeat the above on VSX member 2 (where our VS is standby)</SPAN></P> Mon, 22 Jan 2024 02:44:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202410#M38092 _Daniel_ 2024-01-22T02:44:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202412#M38093 <P>That sounds logical, based on below as well</P> <P>Best,</P> <P>Andy</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Remove-interface-from-VSX-systems/td-p/65004" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Remove-interface-from-VSX-systems/td-p/65004</A></P> <P>&nbsp;</P> Sun, 07 Jan 2024 23:27:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202412#M38093 the_rock 2024-01-07T23:27:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202421#M38096 <P>You want to delete only VLAN 15 configured on bond2, or delete complete bond2 logical interface ?</P> Mon, 08 Jan 2024 06:48:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202421#M38096 JozkoMrkvicka 2024-01-08T06:48:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202547#M38120 <P>Hi Jozko,</P><P>Not delete, rather disable vlan15 on bond2, i.e. bond2.15 -we need to re-enable back in some time.</P><P>&nbsp;</P> Tue, 09 Jan 2024 00:48:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202547#M38120 _Daniel_ 2024-01-09T00:48:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202553#M38122 <P>I have tested setting vsx wrp-interface down simply with ifconfig. It won't survive reboot though, but will work.</P> Tue, 09 Jan 2024 00:36:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202553#M38122 Lari_Luoma 2024-01-09T00:36:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202572#M38124 <P>The correct way is to delete VLAN from Topology tab within affected VS in SmartConsole. Do not forget to install policy afterwards.</P> <P>Once the VLAN is needed again, just add it back.</P> Tue, 09 Jan 2024 06:47:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202572#M38124 JozkoMrkvicka 2024-01-09T06:47:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202653#M38131 <P>To get you right:<BR />1- disable the interface from clish<BR />2- delete it from the Topology tab for the affected VS in SmartConsole<BR />3- push the policy<BR /><BR /></P><P>To reactivate it, just reverse the above steps</P> Wed, 10 Jan 2024 02:49:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202653#M38131 _Daniel_ 2024-01-10T02:49:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202671#M38137 <P>Disable interface from CLI within VS is not needed. SmartConsole will remove it during provisioning proccess (once you click OK with deleted VLAN on VS object).</P> Wed, 10 Jan 2024 08:30:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/202671#M38137 JozkoMrkvicka 2024-01-10T08:30:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/249510#M48730 <P>Hello</P> <P>Is it possible to disable an interface that is part of a VSX Cluster?</P> <P>I have a lab environment, where the Eth2 interface is the SYNC interface between my VSX1 and VSX2 box</P> <P>My Cluster does not “wake up”, and emphasizes that the problem is the Eth2 interface</P> <P>I have done everything at VMWARE level but I still can't fix it</P> <P>I want to logically shut down the Eth2 interface from each box</P> <P>Is this possible?</P> <P>Could you guide me with the steps to follow?</P> <P>Thanks</P> Wed, 21 May 2025 15:04:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/249510#M48730 Matlu 2025-05-21T15:04:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/249512#M48732 <P>I believe generic linux command would be if eth2 down</P> <P>Andy</P> Wed, 21 May 2025 15:07:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disabling-interface-on-VS/m-p/249512#M48732 the_rock 2025-05-21T15:07:57Z