This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AK2
Collaborator
‎2022-12-28 02:21 PM
Jump to solution

CloudGuard Cross AZ Cluster AWS - duplicate secondary private IP of external interface

Hi, I am building R81.20 CloudGuard Cross AZ Cluster.

Used template in sk111013 (new VPC, R81.20, cross availability zone cluster for transit gateway) stack deployed ok.

At steps to create cluster in Smart Console and push policy to it

Got to https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_for_AWS_Cross_AZ_Cluster/C... 

Step 11, add an alias interface, in AWS console the secondary private IP address of both cluster members is the same

cluster.png

Although the cluster configuration was able to be published with the same IP address on both cluster members I was not able to install policy, with error "check point duplicate keys "<0a030a1d>" in table 'cluster_members_ids_by_ips'"

 

If someone could confirm that the 2 cluster members are meant to have the same secondary private IP of external interface, that would help provide a starting point for troubleshooting the policy install error.

 

Cheers

 

Andrew

0 Kudos
1 Solution

Accepted Solutions
4 Replies
AK2
Collaborator
‎2022-12-28 05:20 PM
Jump to solution

Update. I reset SIC on gateways and manager, deleted the Cluster Object in Smart Console, went through the config one more time. I reproduced the policy push error, however this time was able to work past it by deliberately setting the second cluster member's secondary private IP of external interface so that it did not conflict with the first cluster member (ie something different to what the AWS stack says it is). Doing this allowed me to push policy and the cluster is now in a healthy state...

0 Kudos
Roman_Kats
Employee
Employee
‎2022-12-28 11:39 PM
Jump to solution

Hello @AK2 

Thanks for reporting the issue . We are checking it
Meanwhile the you may refer to instructions in admin guide on how to find secondary external private IP address

 

Configure Member IPs: Enter secondary private IPv4 address of external interface for each cluster member and click OK.

To get the IP address in AWS console:

In AWS Console chose Cluster member > Navigate to the Networking tab.

Roman_Kats_1-1672299566530.png

 

Thanks,
Roman

0 Kudos
Roman_Kats
Employee
Employee
‎2022-12-29 01:49 AM
In response to Roman_Kats
Jump to solution

@AK2 
The issue was resolved
Templates with the fix published and are available in:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/aws/templates 

Thanks

(1)
AK2
Collaborator
‎2022-12-29 02:39 PM
In response to Roman_Kats
Jump to solution

Hi Roman, thank you so much for resolving this issue  so quickly during the holiday season, it means a lot for me and my customer! I redeployed today and the new secondary IPs are different for each member. I was able to create the cluster in Smart Console and push policy to it. For the benefit of others here are the private IPs assigned during stack creation:

ClusterPublicAddress

 

The public address of the cluster.

MemberAExternalInterface

 

The external interface of member A.

MemberAPrivateAliasAddress

10.4.10.75

The secondary external private IP address of Member A.

MemberAPrivateExternalAddress

10.4.10.137

The primary external private address of member A.

MemberAPrivateInternalAddress

10.4.11.145

The private Internal address of member A.

MemberAPublicAddress

 

The public address of member A.

MemberASSH

 

SSH command to member A.

MemberAURL

 

URL to the member A portal.

MemberBPrivateAliasAddress

10.4.20.34

The secondary external private IP address of Member B.

MemberBPrivateExternalAddress

10.4.20.208

The primary external private address of member B.

MemberBPrivateInternalAddress

10.4.21.45

The private Internal address of member B.

MemberBPublicAddress

 

The public address of member B.

MemberBSSH

 

SSH command to member B.

MemberBURL

 

URL to the member B portal.

 

Cheers, Andrew

 

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    Sort by:
    All CloudMates Events