cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee
Employee

How to connect to MDS R80.10 through alternate interface ?

hello, 

in R80.10, how to connect to MDS using another IP configured on any other interface than the MDS ip ? 

Its working when connecting throught the Mgmt interface. 

But not when tring through any other interface.

Customer indicated they had the same issue when configuring their MDS in R77.30 and a specific procedure has been applied to make it possible. Any idea how to do in R80.10?

see error message enclosed. 

regardss

François.

0 Kudos
10 Replies
Employee+
Employee+

Re: How to connect to MDS R80.10 through alternate interface ?

Check the R80.10 MDM manual and search for: Using More than one Interface on a Multi-Domain Server

Changing the Leading Interface
You define the leading interface during the installation procedure, but you can change it later. If you add a new interface to a Multi-Domain Server after installation, define the Leading Interface manually.
To add a New Leading Interface:
1. From the Multi-Domain Server command line, run: mdsconfig
2. Select Leading VIP Interfaces, and then select Add external IPv4 interface.
3. Enter the interface name and press Enter.
Changing the Leading Interface:
1. From the Multi-Domain Server command line, run: mdsconfig
2. Do steps 2-3, in the above procedure, to add new interface.
3. Select Leading VIP Interfaces.
4. Select Remove External IPv4 interface.
5. Enter the interface name to remove and press Enter.

Eric_eric
Ivory

Re: How to connect to MDS R80.10 through alternate interface ?

Hello,

I have the same issue. I tested to add a leading interface but it's doesn't work.

Regards,

Eric

0 Kudos
Employee
Employee

Re: How to connect to MDS R80.10 through alternate interface ?

Hello Eric, My customer also report adding a leading interface does not works. 

At this step, I will recommend to engage support as the procedure is the official one described in Admin guide. 

http://dl3.checkpoint.com/paid/27/2792d875783ad607cb7d593a6c335ec7/CP_R80.10_Multi-DomainSecurityMan... 

0 Kudos
Dan_Zaidman
Nickel

Re: How to connect to MDS R80.10 through alternate interface ?

There can be only one leading interface , but you can change it , see the procedure in sk74020 - How to change the IP address of Domain Management Server

Let me know if it works for you.

Thanks

Dan

0 Kudos

Re: How to connect to MDS R80.10 through alternate interface ?

Hi 

Did anyone find the solution for this, I also got the exact same issue, I can connect via MGMT, but i need a bond interface I have created to a leading interface, when i try to connect to Bond I also get the exact same error 

Domain 'Failed to find domainIp x.x.x.x' not found!

0 Kudos
Admin
Admin

Re: How to connect to MDS R80.10 through alternate interface ?

As suggested, it's best to open a TAC case on this.

0 Kudos

Re: How to connect to MDS R80.10 through alternate interface ?

Hi Dameon

I have raised a TAC case and seems it is a know issue on R80+ but they dont have a ETA for fix yet.

0 Kudos
Vladimir
Jade

Re: How to connect to MDS R80.10 through alternate interface ?

I am not sure if this is applicable or will work in your current situation, but if you are setting up a new MDS, you can try using this procedure:

Create a /32 loopback interface with routable IP.

Advertise it to your network using dynamic protocol(s).

Declare it to be a target for licensing.

This way you should be able to connect to the IP address different from that of the default management interface.

Declare this interface to be a Leading Interface and use the bundled physical interfaces for connectivity to the rest of your infrastructure.

I've made this work previously on SMS, but never tried it on MDS. 

Please let me know if I am making incorrect assumptions or if this works.

Regards,

Vladimir

0 Kudos

Re: How to connect to MDS R80.10 through alternate interface ?

I did this recently in VMWare workstation where I only had eth0, but mds backup came from a system with a leading interface with Mgmt. I  performed the changes in MDSCONFIG, but it still didn't work.

I then did the following and it worked for me.....

1. Change the interface name to Mgmt by editing the following.
/etc/udev/rules.d/00-OS-XX.rule

2. In clish re-ip the interface and change state to on. (i noticed after changing the interface name that the state had changed to off and the ip had been removed)

3. Reboot and perform an mds_restore


4. After restore completes, reboot again. Note ! it takes a good 20 mins to things to initially start, but thats probably just my VMWare resources.

0 Kudos

Re: How to connect to MDS R80.10 through alternate interface ?

having same issue here.

I am testing the upgrade of R80.10 MDS to R80.20, with several CMAs included. This means that my target (R80.20) has the same IP addressing as the Source - which is still in production. This gives us IP conflicts, so i provisioned the 'real' leading VIP to be on an isolated subnet, with a secondary interface being routable on a different subnet.

this worked just find for the build process. and the database successfully import, and the MDS processes are up.
however when trying to Smartconsole onto the secondary interface (which i also have tried to setup as a leading VIP) i get the 'faile do tfind domainip'.

the only solution i can think of, would be to destination NAT from a firewall: i.e, connect to 10.1.1.1 (IP owned/arped for on a firewall) and destination NAT it to this MDS's real IP 10.2.1.1. Obviously, this will need t obe an isolated DMZ otherwise i'll get the address conflict.

in my world however, i dont have a firewall between my PC and the MDS 'lab' i am building to.

hopefully someone will have a fix for this soon.

0 Kudos