Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Usman_Shaikh
Contributor

Blackhole static routes in VSX

I am trying to advertise a non-connected network on the checkpoint virtual system in OSPF. Usually we would just add a blackhole/null0 static route and redistribure that in OSPF but I cannot find a way to add this type of static route in VSX

Can you point me in the right direction please or if there is a better way to advertise this in OSPF

Also how do I go about configuring a loopback interface in VSX ?

Many thanks

8 Replies
PhoneBoy
Admin
Admin

From clish, you should be able to add a loopback interface: add interface lo loopback <IP Address>/<Mask>

See also: Gaia Advanced Routing R80.10 Administration Guide 

0 Kudos
Usman_Shaikh
Contributor

Many Thanks Dameon; however the command is not available in clish (note this is VSX gateway)

fw1> add interface lo loopback 10.1.1.1 255.255.255.255
CLINFR0329  Invalid command:'add interface lo loopback 10.1.1.1 255.255.255.255'

fw1> add
aaa              - Authentication authorization and accounting
allowed-client   - Add allowed client
arp              - Add ARP entries
backup           - Start a backup of the system
backup-scheduled - Determine the type of scheduled-backup of the system
bonding          - Configure bonding interfaces
cloning-group    - Configure Gaia Cloning Group
command          - Add extended command.
cron             - Add new scheduling for a command
dhcp             - Configure or view DHCP settings.
group            - Specify group name
host             - Static host configuration
netflow          - NetFlow export of traffic information
rba              - Role-based administration configuration
snapshot         - Take snapshot
snmp             - Simple Network Management Protocol Information
syslog           - System log configuration
upgrade          - Upgrade of Check Point OS and Products
user             - A user name
vpn              - vpn configuration

Any ideas for VSX ?

Also what about the blackhole route piece ?

0 Kudos
Vladimir
Champion
Champion

Have you tried adding the loopback to the VSX itself and then choosing it from the VS context?

0 Kudos
Usman_Shaikh
Contributor

Sorry for the late response.. but i have tried to add it via VS0 but unable to do so..

vsxgw1:TACP-15:0> add interface lo loopback 10.1.1.1/32
CLINFR0699  Invalid command.

Any more ideas ?

0 Kudos
Vladimir
Champion
Champion

I believe that you supposed to perform "set vsx off" before adding new interface and "set vsx on" once it is done.

0 Kudos
RKinsp
Contributor

Hello Usman,

Did you ever get this to work? I am trying the same thing but in a cluster. With set vsx off I can actually create the interface, but I have to set and IP and it shows up in all the VSs (not in SmartConsole thought). Thanks, RK

0 Kudos
Freco_Wong
Participant

I need this too... in VSX mode, is there any updates?

0 Kudos
SimonDrapeau
Employee
Employee

Using a loopback interface with Dynamic Routing in ClusterXL environments (including VSX)  is supported starting with Check Point R81.10.

Check Point R81.10 was released (July 6, 2021). For more information, see sk170416.

sk117794 has been updated accordingly.

Simon 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events