This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
T_Sonnberger
Contributor
‎2026-02-16 07:03 AM
Jump to solution

VSNext Bond configuration and connection with Cisco VPCs

Dear CheckMates,

we are currently setting up a VSNext Cluster and ran into some issues with the bond configuration/ the connection with the Cisco VPCs connected to our cluster.

This is our physical setup:

 

Setup.png

It's a two site active/standby setup.

bond2 - consisting or eth1-01 and eth1-02

In total we have 4 virtual systems - each having a VLAN on bond2

vs1 - bond2.1095

vs2 - bond2.1096

vs3 - bond2.1097

vs4 - bond2.1098

The Problem is:

I see that the bond only shows on VS1 and VS4, claiming no Bond is configured on VS2 and VS3

Bond-VSNext-blurred.png

I can ping the HSRP Interfaces in each VLAN so I think the VLAN config etc. should be fine but in cphaprob -a if the bond does not show up as synced interface on vs2 and vs3....

 

cphaprob-blurred.png

Does anyone of you have some experince with a similar setup or at least have some ideas (troubleshoot commands)  how to get some more information on this or what else could be checked?

 

Thanks in advance and BR,

Thomas

 

0 Kudos
1 Solution

Accepted Solutions
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2026-02-16 06:56 PM
Jump to solution

The interfaces are not showing up as monitored interfaces, but they are there in the interface list so they have been configured correctly. They are not being monitored because the cluster is only monitoring the lowest and highest VLANs on the bond, with the idea being that if those two VLANs are working then the rest of them probably are too. 

If you want to monitor all VLANs (and hence, mark the interface down for all VSs if one VLAN has an issue) then you can enable that option. The procedure in this SK should work. https://support.checkpoint.com/results/sk/sk92826

 

View solution in original post

(1)
5 Replies
Wolfgang
MVP Gold
MVP Gold
‎2026-02-16 07:20 AM
Jump to solution

@T_Sonnberger how did you create your bond and VLANs ?

create your Bond-interface and the VLANs in VS0 and then add the VLANs (only the VLAN interfaces, not the bond) to your virtual systems as needed.

T_Sonnberger
Contributor
‎2026-02-16 09:40 PM
In response to Wolfgang
Jump to solution

Thanks for the reply - that's how I have done it. Assigned bond2 to VS0, then added the VLANs in VS0 context and moved them to the specific VS.

 

BR,

Thomas

0 Kudos
Lari_Luoma
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-02-16 11:42 AM
Jump to solution

Step 1: Make sure you have the recommended JHF installed.
Step 2: Created bond interface and VLANs in VS0
Step 3: Assign VLANs to VSs you want.

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2026-02-16 06:56 PM
Jump to solution

The interfaces are not showing up as monitored interfaces, but they are there in the interface list so they have been configured correctly. They are not being monitored because the cluster is only monitoring the lowest and highest VLANs on the bond, with the idea being that if those two VLANs are working then the rest of them probably are too. 

If you want to monitor all VLANs (and hence, mark the interface down for all VSs if one VLAN has an issue) then you can enable that option. The procedure in this SK should work. https://support.checkpoint.com/results/sk/sk92826

 

(1)
T_Sonnberger
Contributor
‎2026-02-16 09:38 PM
In response to emmap
Jump to solution

Thank you so much - this is it! 

I have just removed bond2.1098 on vs4 and now see bond2.1097 on vs2...

 

I was so confused that it said "no bond configured" that I never took into consideration that it's just about VLAN monitoring.

 

BR,

Thomas

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events