This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
speedbot33
Contributor
‎2025-10-10 07:20 AM

Get interfaces WITH/WITHOUT topology

New post here coming from an older post 

community.checkpoint.com/t5/Security-Gateways/Get-Interfaces-with-topology/m-p/259649#M50924

Here's a curious behavior and what would be the best practice regarding the dreaded "get interfaces WITH topology".

Of course, this is using as a reference the well redacted sk183590.

What happens when you have interfaces that they update their topology automatically(based on routing) and after configuring static- routes, the networks aren't  added into the network group object under the interface as they're supposed to?

As to my issue that happened several days ago, to make matters worse, the network group object was nowhere to be found in SmartConsole browser object(yes, I did check for specific filters) and no joy. However,  the object does exists thru mgmt_cli! Even AI Copilot said so! lol.

 

So, apparently using the WITHOUT option was NOT the correct way and since I'm not particularly fond of the WITH option in a production environment, which probably could've solved the problem, I  ended up adding them manually with mgmt_cli API. It was kinda fun the workaround, but got me thinking, was it a normal behavior? What are we supposed to do in these circumstances?

0 Kudos
4 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-10-10 07:48 AM

I'm a bit confused. Are you using the Override > This Network (Internal) > "Network defined by routes" option on the interface? If so, there is no network group object representing the networks out that interface unless you manually make one. And if you manually make such a group, you have to manually maintain it.

0 Kudos
speedbot33
Contributor
‎2025-10-10 08:32 AM
In response to Bob_Zimmerman

These interfaces were done by a previous admin and SmartConsole IMO is not consistent when it comes to these topology options. For instance:

The interfaces in question(done by prev admin) show as Internal but not overridden, and they do have a topology object which automatically created the "Net_" objects.(these objects nor the Network Group itself do not appear in searches done thru the Object Explorer in SmartConsole as stated in OP but do appear in searches thru the mgmt_cli)

Interfaces configured by me, I've explicitly used defined by routes, defined by the intf and netM, etc...

I believe the interfaces in question where created using the Not defined (Internal) option. My question would be, if this option is the one that also creates automatically a topology based on routes?

the_rock
MVP Platinum
MVP Platinum
‎2025-10-10 08:43 AM
In response to speedbot33

Its the one that says "defined by routes"

If topology changes, its auto updated, no need to change anything.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-10-15 01:47 AM

Hey @speedbot33 

Were you able to figure this out?

Best,

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events