Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
babicmilan
Collaborator

Management interface on gateway

Please let me know why is it important to select management interface on gateway?

gaia> show management interface

gaia> set management interface eth2

If I put command "set management interface eth2" in gaia clish eth2 is new management interface (by default it is Mgmt).

 

I am in doubt what is purpose of management interface on gateway and how is it treated?

1) Is it special interface over which to catch Management server, or
2) Is it an interface over which you can access gateways regarding installed policy, or
3) Is that interface plays some role in licensing of gateway (as you know MAC address of Mgmt interface is important for licensing).

Best regards,

Milan Babic

 

0 Kudos
3 Replies
the_rock
Legend
Legend

https://community.checkpoint.com/t5/Security-Gateways/set-management-interface/td-p/113652

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Managem...

I would say its not necessarily tied to the license itself, but it may depend how it was configured initially, though it can always be relicenses.

Andy

0 Kudos
Timothy_Hall
Legend Legend
Legend

The short answer that the term "management interface" is mainly referring to Gaia OS management and some other internal functions.  Setting an interface as "management" causes that interface IP to be mapped to the hostname of the system in /etc/hosts.  Elements of Gaia/Linux will look at this mapping for various purposes, it also does affect some Check Point code operations such as Multi-Queue integration and logging.  You can find a detailed explanation here: What are the implications of setting an interface as "management interface" ?

We never quite got a definitive answer from R&D as to whether my experience-based assertions about the management interface were completely correct, tagging @PhoneBoy for an assist...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin
Admin

As of right now, unless you have turned on Management Data Plane Separation, the management interface is just like any other interface (Except for the driver used by the OS, possibly).
That's my understanding at least.

This will apparently change in R82 with ElasticXL as, from the preliminary documentation I've read, it appears that four interfaces are required for a cluster (internal, external, sync, and dedicated management). 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events