This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vijay_Nagaraj
Contributor
‎2019-01-04 07:51 AM

Host Topology

Hi All,

I have R77.30 Mgmt server and they have created a Host object and in the host object they have created the Topology for the same, For ex: Host Object: 158.23.x.x and in (If you go to details)topology they have given Internal-> Topology 10.35.x.x . Please let me know what will be the situation to create such configurations? If i try delete that , it creates a outage am not able to identify why it was created.

Thanks

Vijay

0 Kudos
6 Replies
Vladimir
Champion
Champion
‎2019-01-04 02:22 PM

Hmm.. Is your host really a multihomed device?

I do not typically see management servers with defined host topology.

The one reason I can think of to do it would be if you are using local loop address as a management's primary and referring to it in the policy by the host object.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2019-01-04 05:29 PM

Does the host object correspond to another multi-homed device e.g. router or the management node itself and where if at all is it used in the security policy?

Is the subnet from the host objects topology also accounted for in the security gateways topology and do you have any logs from during the outage that provide a drop reason? e.g. anti-spoofing (only shown if implied rules are configured for logging)

CCSM R77/R80/ELITE
0 Kudos
Vijay_Nagaraj
Contributor
‎2019-01-06 04:01 PM
In response to Chris_Atkinson

No, it is just a server that's it. Only for few servers it was configured like this. If we remove the topology the traffic is dropped. Is it a very old technology in CP ? 

Vijay

0 Kudos
Vladimir
Champion
Champion
‎2019-01-06 07:37 PM
In response to Vijay_Nagaraj

Please clarify: is this host object representing Check Point Management Server or some other server?

Is the host's primary IP different from that defined in topology?

Is there a Static NAT configured for this host's object?

Are there any manual NAT rules that reference IP defined in Topology?

0 Kudos
Vijay_Nagaraj
Contributor
‎2019-01-06 08:50 PM
In response to Vladimir

Hi,

Thanks. it is not representing any CP object. It is just a regular server. There is no Manual or Static NAT configured. All configured is Host level Topology. Now I wanted to remove it but I haven't seen this kind of config ,so bit worried to remove it.

Vijay

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2019-01-07 02:43 AM
In response to Vijay_Nagaraj

A potential case of bad practice assigning multiple IPs to the same object rather than updating it upon IP change is one other possible explanation...

In this case it should be sufficient to identify what hosts now occupy the IPs and update or create new objects / rules to cater for them prior to removal from the identified objects topology to cleanse it.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top