- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Dear Check Point,
according to the different manuals I`ve read concerning SRC-MAC of CCP- and Forward-Packages and it is not recommended to set <MAC magic> any more by hand.
(See sk-25977-Change Source MAC Addresses - Gateway Mode - Gaia R80.10 - Procedure)
It is stated there, that the algorithm for the MAC magic is the following:
"During the initial configuration of the cluster members, they apply the following algorithm to set the MAC magic value:
Note: All members of the same cluster will set the same value."
I am wondering, because this (locally limited) algorithm will, for each Cluster with a separated/dedicated sync-network, find the same value for its <MAC magic> (so the Cluster-ID).
According to the same SK there should be a unique Cluster-ID for all (managed) Clusters within the domain: "Enter a unique value for each cluster in the domain."
The above algorithm will not find the other Clusters if they have separated sync-networks. So as far as I understand, there will be the same Cluster-ID along many clusters ( in this case always the ID 1).
Could you please clarify this for me?
Best regards
CCP is blasted on all cluster interfaces, not over isolated SYNC link or network.
I.e.:
[Expert@HostName]# cphaprob -a if
The CCP mode will appear at the end of the line.
Example:
Required interfaces: 4 Required secured interfaces: 1 eth0 UP non sync(non secured), multicast eth1 UP sync(secured), multicast eth2 UP non sync(non secured), multicast eth3 UP non sync(non secured), multicast
What happens with two clusters with automatic magic, when they haven't had a common VLAN before, but at some momet they will be connected into the same VLAN?
Do members of one of the clusters adjust their magic or the learning process is only performed during the initial configuration and no further adjustments is made when another cluster "appears suddenly"?
I would like to know more about the situation where 2 or more already operational clusters are going to have a shared layer 2/3 network. How the clusters decide, which of them wins the fight and could keep the existing ID and which one must change it's ID. What impact is expected while VMAC being ON or OFF?
just stumbled across your question - sorry if this answer is for R80.30, surely there's one in the adminguide for .10 as well. I would assume the underlying mechanism of the packets on the wire hasn't changed - if it had it'd certainly pose problems when upgrading firewalls.
... Chapter "Connecting Several Clusters on the Same VLAN"
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY