This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bill_wang
Explorer
‎2020-04-20 09:37 PM

update aws route table issue with AWS Cluster deployment

Hi Body

    I deployed two GW with cluster mode in the aws...the server subnet's default geteway point to active gw eni. 

my question is "if the swirtchover happened,  how to automatically replace server subnet's nexthop to new active member eni ??? "

i don't find like this script ....

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2020-04-21 11:16 AM

Did you follow the instructions here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Bill_wang
Explorer
‎2020-04-21 06:47 PM
In response to PhoneBoy

Hi PhoneBoy
thank your reply...i not find any helpful information from this sk about update route table....
now, HA work is fine, and the failover has no any problem. only the route table of server's subnet have not been replace to new active eni....
0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-21 07:34 PM
In response to Bill_wang

If you set up the cluster per the SK, then this should happen automatically, as the SK states.
If it's not, then use the troubleshooting steps provided in the same SK. to help understand why.
0 Kudos
Bill_wang
Explorer
‎2020-04-21 07:42 PM
In response to PhoneBoy

my environment have a little different with sk....server's subnet and gw internal subnet is same one in the sk.
and then , server's sbunet is a another subent in my environment.
like gw internal subnet is 10.1.1.0/24....server subnet is 10.1.2.0/24...
0 Kudos
Bill_wang
Explorer
‎2020-06-27 07:57 PM
In response to Bill_wang

anybody have any idear ?

0 Kudos
nullform
Explorer
‎2020-06-28 03:25 PM
In response to Bill_wang

Can you explain your topology, the layout and what have you done that's not according to the deployment guide.

0 Kudos
Kurt_Abela
Contributor
‎2021-06-10 11:48 PM
In response to Bill_wang

Hi,

was this ever solved? We have a similar setup and we are struggling to find a way to change routes/interfaces on subnets not created directly by Checkpoint

0 Kudos
Roman_Kats
Employee
Employee
‎2021-06-12 11:09 PM
In response to Kurt_Abela

Hi Kurt
Can you please share your topology and how exactly have you created cluster?
Thanks,
Roman

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-06-12 11:12 PM
In response to Roman_Kats

Hi,

The deployment is based on the fact that the Cluster is installed in its own VPC with no other servers.

so any other Spoke VPCs should be Peered to it with Regular Peering or TGW etc.

The Server VPC routing should take him to the Cluster VPC and there it will have a route directed to the Cluster Active member ENI.

0 Kudos
Kurt_Abela
Contributor
‎2021-06-13 12:31 AM
In response to Nir_Shamir

Hi,

This is an existing AWS setup and customer asked us to fit in a Checkpoint Cluster (same AZ). The problem is that they have existing servers directly on the current existing gateway backend interface, as well as a number of Transit Gateways and other pre-existing route tables.

When we deploy a cluster in the existing VPC, the cluster can only change the route tables it created during the deployment. My question is if we can force the new cluster to modify the existing route tables.

I know this is the recommended design from CP, but this is an existing customer topology and they want to deploy CP cluster in the Same VPC.

Thanks,

Kurt

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-06-13 02:34 AM
In response to Kurt_Abela

As I remember and tested again , you can associate any Route table to the Cluster's internal Subnet , or other Subnets in That VPC , add routes to the currently ACTIVE member's ENI and that's it.

the failover changes the routes to the ACTIVE member's ENI

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events