Champion

Why is the Cluster ID field missing in R80.10 FTW?

Just noticed it recently during initial configuration of R80.10 Cluster: there is no cluster ID field in the first time configuration wizard.

Can someone clarify if there is now a different mechanism resolving same ID issues and how does it deal with clusters already present in the infrastructure with IDs defined?

Thank you,

Vladimir

0 Kudos
5 Replies

Hi,

From R80.10 onwards there is indeed a new algorithm which does automatic selection for the MAC magic.

The procedure is explained in sk25977 under (III-1-E) Change Source MAC Addresses - Gateway Mode - Gaia R80.10 - Procedure.

Kr,

Nick

Authority

I guess the old "magic" number sk25977 explains what's changed and how it was applied before R80.10

I don't want to copy any details here as it's quite a long article :)

0 Kudos
Champion

Kaspars,

It is hard for me to believe that CP would on purpose remove the cluster id feature and will force the old method on us.

Likely, some new mechanism is in place and I am trying to determine what it is.

0 Kudos
Champion

Thank you Kaspars and Nick!

I've just finished reading through the SK and have found the R80.10 section in it, sorry for not spotting it earlier.


From sk25977: 

quote

Starting in Gaia R80.10, the 5th byte of the Source MAC address (MAC magic) in all types of CCP packets is assigned automatically.

During the initial configuration of the cluster members, they apply the following algorithm to set the MAC magic value:...

unquote

When does the "initial configuration" happen? Is it when I run the FTW on the device (at this time I have not yet configured all interfaces) or is it the first time I push a policy to the gateways, where they are part of a cluster? This is important as I have to share one VLAN with another existing CheckPoint ClusterXL setup.

If it is when I push the policy, can I be sure that the gateway (even if I enable clusterXL in the FTW) will not interfere with the other cluster(s) even if I configure and enable all interfaces? In that case it is important that the shared VLAN is connected to the new cluster first time I push the policy, so the other cluster's CCP traffic can be detected...

Thanks in advance.

0 Kudos