Vijay_Nagaraj
Contributor

Host Topology

Hi All,

I have an R77.30 Mgmt server, and they have created a Host object, and in the host object they have created the Topology for the same. For example: Host Object: 158.23.x.x, and in the topology (if you go to details) they have given Internal -> Topology 10.35.x.x. Please let me know what the situation would be to create such configurations? If I try to delete that, it creates an outage, and I am not able to identify why it was created.

Thanks

Vijay

0 Kudos
6 Replies
Vladimir
Champion

Hmm.. Is your host really a multihomed device?

I do not typically see management servers with defined host topology.

The one reason I can think of to do it would be if you are using local loop address as a management's primary and referring to it in the policy by the host object.

0 Kudos
Chris_Atkinson
Employee

Does the host object correspond to another multi-homed device, e.g. a router or the management node itself, and where, if at all, is it used in the security policy?

Is the subnet from the host object's topology also accounted for in the security gateway's topology, and do you have any logs from during the outage that provide a drop reason, e.g. anti-spoofing (only shown if implied rules are configured for logging)?

CCSM R77/R80/ELITE
0 Kudos
Vijay_Nagaraj
Contributor

No, it is just a server, that's it. Only for a few servers was it configured like this. If we remove the topology, the traffic is dropped. Is it a very old technology in CP?

Vijay

0 Kudos
Vladimir
Champion

Please clarify: is this host object representing Check Point Management Server or some other server?

Is the host's primary IP different from that defined in topology?

Is there a Static NAT configured for this host's object?

Are there any manual NAT rules that reference IP defined in Topology?

0 Kudos
Vijay_Nagaraj
Contributor

Hi,

Thanks. It is not representing any CP object. It is just a regular server. There is no Manual or Static NAT configured. All that is configured is Host level Topology. Now I wanted to remove it, but I haven't seen this kind of config, so I am a bit worried to remove it.

Vijay

0 Kudos
Chris_Atkinson
Employee

A potential case of bad practice, assigning multiple IPs to the same object rather than updating it upon IP change, is one other possible explanation...

In this case it should be sufficient to identify what hosts now occupy the IPs and update or create new objects / rules to cater for them prior to removal from the identified object's topology to cleanse it.

CCSM R77/R80/ELITE
0 Kudos
