cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

vSEC on ESXI interface problem.

Jump to solution

Hello, all!
I have a stange issue with interfaces on virtual appliance. I have deployed R80.10 on ESXI host, and registered it on SMS (also virtual).
After installation, i added some interfaces to SG host, and enabled it using Web interface. In smart console, in Device properties-Network management i used get interfaces command, but it shows only one interface (should be 2)

What can be the root of this issue?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

An interface is not relevant to the firewall unless it has been configured as a mirror port or has an IP address.

As such, my personal take is that what you're seeing is expected behavior.

View solution in original post

13 Replies
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

Did you reboot the SMS after adding the interfaces in the ESXi Web Interface?

If not, that may be the reason.

0 Kudos

Re: vSEC on ESXI interface problem.

Jump to solution

Hi!

Yeah, i have rebooted both SG and SMS.

0 Kudos
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

What Adapter Type did you add?

On my system, they are added as Adapter Type e1000.

I believe (but haven't personally tried) vmxnet3 should work also.

0 Kudos
Highlighted

Re: vSEC on ESXI interface problem.

Jump to solution

Hi!

I used VMXNET 3, interface with same type already present in the system and works fine.

Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

I recommend opening a ticket with the TAC to assist as it may be an issue with the driver: Contact Support | Check Point Software 

You can try using e1000 as a workaround, though.

0 Kudos

Re: vSEC on ESXI interface problem.

Jump to solution

I can't open a ticket in TAC, since i have no support contract.
As for your advice - i removed NIC with VMXNET3 and added E1000 adapter instead.
And now even web interface does not recognize this NIC.

0 Kudos
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

What version of ESXi are you using?

I am personally using 6.5.

I did not try and add interfaces after the fact, but rather provisioned the VM with multiple interfaces from the get go.

If you happen to be using 5, this is not supported with R80.10 per: Compatible Hardware List -- Virtual Machines (though 5.5 is supported)

Just as a test, I took a R80.10 VM I had set up and added an interface to it with the VM powered down.

When I booted it up, the second interface was recognized.

Make sure the Guest OS is set to RHEL 5 (64-bit) and compatibility is set to the latest hardware version supported.

Re: vSEC on ESXI interface problem.

Jump to solution

Hi
I solved this.
It is really strange logic in checkpoint, from my point of view.
It is not enough just enable interface, you have to set ip address on it. When i set ip address statically, smart console discover it.

Is it expected behavior?

Thanks you for all replies!

0 Kudos
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

For SmartConsole to "see" the interface, the interface must be enabled in Gaia OS.

Since it's possible to configure an interface as a mirror port, an IP isn't strictly required.

See: Monitor Mode on Gaia OS and SecurePlatform OS 

It's best practice to configure the interface in Gaia first before attempting to configure the firewall object with the interface (either manually or using Get Topology). 

0 Kudos

Re: vSEC on ESXI interface problem.

Jump to solution

Well, probably Checkpoint will fix it later.

But i checked it twice on two different VMs with latest updates - if there is no IP on interface, Smart Console doesn't see it. 

0 Kudos
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

An interface is not relevant to the firewall unless it has been configured as a mirror port or has an IP address.

As such, my personal take is that what you're seeing is expected behavior.

View solution in original post

Vladimir
Pearl

Re: vSEC on ESXI interface problem.

Jump to solution

How about Bridge Mode?

0 Kudos
Admin
Admin

Re: vSEC on ESXI interface problem.

Jump to solution

Also bridge mode

0 Kudos