This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pim_Dimmedal
Participant
‎2018-10-30 06:58 AM
Jump to solution

VSX Virtual Router Issue

I have an issue regarding VSX and the implementation of ClusterXL combined with a virtual router. I've created a lab setup (see attachment) and did some testing.

Internet connectivity on the EDGE router is verified:

1: I can ping 8.8.8.8 and google.com from my EDGE router

2: When I connect my client directly to my EDGE router i can also ping 8.8.8.8 and google.com

Connectivity from the client:

Ping from Client to 192.168.20.3 (Virtual System) is successful

Ping from Client to 192.168.1.2 (Virtual Router) is successful

Ping from Client to 192.168.1.1 (EDGE Router) is not successful

Ping from Client to 8.8.8.8 and google.com is not successful (obviously)

Connectivity from the virtual router (login to corresponding Virtual System ID of the router)

Ping from Virtual Router to 192.168.1.1 (EDGE Router) is successful

Ping from Virtual Router to 8.8.8.8 and google.com is successful

Ping from Virtual Router to 192.168.10.3 (Virtual System) is successful

Ping from Virtual Router to 192.168.20.4 (Client) is successful

It looks like the Virtual Router can connect to every part of the network but from the client I'm not able to get past the Virtual Router.

Does anyone know what I'm missing here?

Preview file
38 KB
0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2018-10-30 09:17 AM
In response to Pim_Dimmedal
Jump to solution

Well, it particular cases VSX entities are using non-routable IP addresses that just cannot be returned to the original source. Start there, see where it fails, and then, if that was not the case, we can move further

View solution in original post

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2018-10-30 09:04 AM
Jump to solution

You are missing the NAT for VS IP address 🙂 It is most probably pinging 8.8.8.8 with a funny IP address which is not routed back. Run fw monitor to prove

0 Kudos
Pim_Dimmedal
Participant
‎2018-10-30 09:07 AM
In response to _Val_
Jump to solution

I will run fw monitor tonight, but I'm using NAT on my EDGE router so I don't see the need to NAT on the VS as well.

0 Kudos
_Val_
Admin
Admin
‎2018-10-30 09:17 AM
In response to Pim_Dimmedal
Jump to solution

Well, it particular cases VSX entities are using non-routable IP addresses that just cannot be returned to the original source. Start there, see where it fails, and then, if that was not the case, we can move further

0 Kudos
Pim_Dimmedal
Participant
‎2018-10-30 10:00 AM
In response to _Val_
Jump to solution

I've found the issue. It seemed something was wrong with the route back from the EDGE to the Virtual Router.

Thanks for your suggestion.

Happy__
Collaborator
‎2019-01-09 06:54 AM
Jump to solution

I faced the same issue in my lab, I have two VS both external interface is connected with a virtual router, I able to reach to the virtual router but not getting the internet.

The virtual router is getting internet, I try to do with netting on VS with virtual router IP but policy failed.

There is any document related to this issue.

Can anyone help me to understand it?

"Well, it particular cases VSX entities are using non-routable IP addresses that just cannot be returned to the original source."

0 Kudos
Pim_Dimmedal
Participant
‎2019-02-12 11:28 AM
In response to Happy__
Jump to solution

Sorry for the late reply. Have you defined a route on the virtual router to both virtual systems, and a default route on both virtual systems to the virtual router? 

0 Kudos
Happy__
Collaborator
‎2019-02-12 11:34 AM
Jump to solution

Yes, I defined the default route is a virtual router for both VS and also defined routes on VR for reverse. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events