
Host Topology

Hi All,

I have an R77.30 Mgmt server, and they have created a Host object, and in the host object they have created the Topology for the same. For example: Host Object: 158.23.x.x, and in the topology (if you go to details) they have given Internal -> Topology 10.35.x.x. Please let me know in what situation such a configuration would be created. If I try to delete that, it creates an outage, and I am not able to identify why it was created.

Thanks

Vijay

0 Kudos
6 Replies
Vladimir
Jade

Re: Host Topology

Hmm.. Is your host really a multihomed device?

I do not typically see management servers with defined host topology.

The one reason I can think of to do it would be if you are using local loop address as a management's primary and referring to it in the policy by the host object.

0 Kudos
Employee+

Re: Host Topology

Does the host object correspond to another multi-homed device, e.g. a router or the management node itself, and where, if at all, is it used in the security policy?

Is the subnet from the host object's topology also accounted for in the security gateway's topology, and do you have any logs from during the outage that provide a drop reason, e.g. anti-spoofing (only shown if implied rules are configured for logging)?

0 Kudos

Re: Host Topology

No, it is just a server, that's it. Only for a few servers it was configured like this. If we remove the topology, the traffic is dropped. Is it a very old technology in CP?

Vijay

0 Kudos
Vladimir
Jade

Re: Host Topology

Please clarify: is this host object representing Check Point Management Server or some other server?

Is the host's primary IP different from that defined in topology?

Is there a Static NAT configured for this host's object?

Are there any manual NAT rules that reference IP defined in Topology?

0 Kudos

Re: Host Topology

Hi,

Thanks. It is not representing any CP object. It is just a regular server. There is no Manual or Static NAT configured. All that is configured is Host level Topology. Now I wanted to remove it, but I haven't seen this kind of config, so I am a bit worried to remove it.

Vijay

0 Kudos
Employee+

Re: Host Topology

A potential case of bad practice, assigning multiple IPs to the same object rather than updating it upon IP change, is one other possible explanation...

In this case it should be sufficient to identify what hosts now occupy the IPs and update or create new objects / rules to cater for them prior to removal from the identified objects' topology to cleanse it.

0 Kudos