This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Usman_Shaikh
Contributor
‎2018-09-20 03:01 AM

Blackhole static routes in VSX

I am trying to advertise a non-connected network on the checkpoint virtual system in OSPF. Usually we would just add a blackhole/null0 static route and redistribure that in OSPF but I cannot find a way to add this type of static route in VSX

Can you point me in the right direction please or if there is a better way to advertise this in OSPF

Also how do I go about configuring a loopback interface in VSX ?

Many thanks

8 Replies
PhoneBoy
Admin
Admin
‎2018-09-22 03:33 PM

From clish, you should be able to add a loopback interface: add interface lo loopback <IP Address>/<Mask>

See also: Gaia Advanced Routing R80.10 Administration Guide 

0 Kudos
Usman_Shaikh
Contributor
‎2018-09-23 01:36 AM
In response to PhoneBoy

Many Thanks Dameon; however the command is not available in clish (note this is VSX gateway)

fw1> add interface lo loopback 10.1.1.1 255.255.255.255
CLINFR0329  Invalid command:'add interface lo loopback 10.1.1.1 255.255.255.255'

fw1> add
aaa              - Authentication authorization and accounting
allowed-client   - Add allowed client
arp              - Add ARP entries
backup           - Start a backup of the system
backup-scheduled - Determine the type of scheduled-backup of the system
bonding          - Configure bonding interfaces
cloning-group    - Configure Gaia Cloning Group
command          - Add extended command.
cron             - Add new scheduling for a command
dhcp             - Configure or view DHCP settings.
group            - Specify group name
host             - Static host configuration
netflow          - NetFlow export of traffic information
rba              - Role-based administration configuration
snapshot         - Take snapshot
snmp             - Simple Network Management Protocol Information
syslog           - System log configuration
upgrade          - Upgrade of Check Point OS and Products
user             - A user name
vpn              - vpn configuration

Any ideas for VSX ?

Also what about the blackhole route piece ?

0 Kudos
Vladimir
Champion
Champion
‎2018-09-23 07:17 AM
In response to Usman_Shaikh

Have you tried adding the loopback to the VSX itself and then choosing it from the VS context?

0 Kudos
Usman_Shaikh
Contributor
‎2018-11-13 09:07 AM
In response to Vladimir

Sorry for the late response.. but i have tried to add it via VS0 but unable to do so..

vsxgw1:TACP-15:0> add interface lo loopback 10.1.1.1/32
CLINFR0699  Invalid command.

Any more ideas ?

0 Kudos
Vladimir
Champion
Champion
‎2018-11-13 10:49 AM
In response to Usman_Shaikh

I believe that you supposed to perform "set vsx off" before adding new interface and "set vsx on" once it is done.

0 Kudos
RKinsp
Contributor
‎2021-01-18 04:23 PM
In response to Usman_Shaikh

Hello Usman,

Did you ever get this to work? I am trying the same thing but in a cluster. With set vsx off I can actually create the interface, but I have to set and IP and it shows up in all the VSs (not in SmartConsole thought). Thanks, RK

0 Kudos
Freco_Wong
Participant
‎2021-03-21 08:02 PM
In response to PhoneBoy

I need this too... in VSX mode, is there any updates?

0 Kudos
SimonDrapeau
Employee
Employee
‎2021-07-09 10:00 AM
In response to Freco_Wong

Using a loopback interface with Dynamic Routing in ClusterXL environments (including VSX)  is supported starting with Check Point R81.10.

Check Point R81.10 was released (July 6, 2021). For more information, see sk170416.

sk117794 has been updated accordingly.

Simon 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events