This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
shauls
Contributor
‎2025-09-16 06:42 AM
Jump to solution

Migrate eth interface to a VLAN interface in bond

Hi,

I have an 1gb interface (eth5) that I would like to migrate as a vlan interface to an existing bond of two 10g interfaces (bond101.1).

I would like to know which steps exactly should I take to do so. It is a clusterXL, so it needs to be done on both members.

I saw some posts regarding this, but they are a little bit different from each other and old, so I would like to know which is the best option to do this today. 

We are using R81.10, management is R81.20.

Thanks.

 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-09-16 07:11 AM
Jump to solution

Is this a coincidence or extension of this discussion?

https://community.checkpoint.com/t5/Management/have-different-physical-interfaces-in-a-cluster-in-sa...

CCSM R77/R80/ELITE

View solution in original post

9 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-09-16 07:11 AM
Jump to solution

Is this a coincidence or extension of this discussion?

https://community.checkpoint.com/t5/Management/have-different-physical-interfaces-in-a-cluster-in-sa...

CCSM R77/R80/ELITE
shauls
Contributor
‎2025-09-16 07:32 AM
In response to Chris_Atkinson
Jump to solution

Pure coincidence 😂 

Thanks!

the_rock
MVP Diamond
MVP Diamond
‎2025-09-16 07:21 AM
Jump to solution

I would definitely follow process Bob Zimmerman posted in the link Chris referenced, it works 100%.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-09-16 11:03 AM
In response to the_rock
Jump to solution

For reference, here's the direct link:

https://community.checkpoint.com/t5/Security-Gateways/ClusterXL-Changing-MGMT-and-eth2-from-1Gb-to-1...

The short explanation is that ClusterXL supports backing a cluster interface with a different logical interface on each member (e.g, you can have member 1 back the cluster VIP with eth5, then have member 2 back it with bond101.1). This isn't a common configuration, so I wouldn't leave it that way for more than a few hours.

Longer works fine, people just don't know what they're looking at when troubleshooting, and confusion extends outages.

0 Kudos
shauls
Contributor
‎2025-09-16 12:07 PM
In response to Bob_Zimmerman
Jump to solution

One part that is missing for me is the dhcp relay part.

Probably should be configured between step 2 to 4. 

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-09-16 12:32 PM
In response to shauls
Jump to solution

Yeah, step 3 should really be "bring all the config over from the old interface to the new interface". DHCP relay, proxy ARP, interface-local routes (used for off-net VIPs, like how VSX works), and so on.

0 Kudos
shauls
Contributor
‎2025-09-17 11:23 PM
In response to Bob_Zimmerman
Jump to solution

Thanks

One last question - it seems to me there is no downtime by following your method, am i correct? 

the_rock
MVP Diamond
MVP Diamond
‎2025-09-18 06:32 AM
In response to shauls
Jump to solution

Thats what I gather as well, though never personally tried it, but maybe @Bob_Zimmerman can say for sure.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-09-18 07:29 AM
In response to shauls
Jump to solution

There shouldn't be any downtime, but there may be PNOTEs and failovers. After all, you're changing the logical interfaces being monitored. This is why the process includes pinning the member down administratively until you're done with it and ready to fail over.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events