This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
jessica_smith
Nickel
‎2018-09-12 12:58 PM

adding/configuring interface causing error in cluster setup - policy error

On a cluster firewall with VRRP , I have tried to configure one of the interfaces on the firewall , when I first tried with get topology but could not get the correct topology,
I have configured it on the active firewall of the cluster but when I installed the policy ‭I am getting below error


Installation Targets Version Policy Type Details
NEWYORK-CLUSTER R77.30 Network Security The Topology information must be configured for object newyorkfw1, interface eth6, in order to use the selected features.
NEWYORK-CLUSTER R77.30 Network Security Failed to generate the rulebase
NEWYORK-CLUSTER R77.30 Network Security Operation ended with errors.
NEWYORK-CLUSTER R77.30 Network Security Operation ended with errors.

4 Replies
Highlighted
AlekseiShelepov
Gold
‎2018-09-12 01:17 PM

You have a cluster object NEWYORK-CLUSTER which consists of newyorkfw1 and newyorkfw2, I suppose. Open NEWYORK-CLUSTER object properties, go to Topology tab, click Edit button. There is eth6 in the list of interfaces, what type of interface is set there, cluster/private/sync? Cluster interfaces must have cluster virtual IP address defined. Right click on it, choose Edit interface, go to Topology tab, define topology. Be careful, as if you incorrectly define topology you might block access to the firewall. If it is not a cluster interface, you need to do the same for eth6 interface of the second member of the cluster.

Also if you got some topology, but didn't get the correct one, probably it is configured in a wrong way on devices themselves.

I would highly recommend to read Admin Guides before configuring firewalls.
ClusterXL Administration Guide 

Gaia Administration Guide 

Highlighted
Vladimir
Pearl
‎2018-09-12 01:22 PM

I would also add that personally, I would stay away from "Get Interfaces with Topology" option, except when deploying a brand new cluster.

It's been known to cause some unpleasant issues as well as creates "phantom" network objects.

IMHO, best to "Get Interfaces" and define topology manually. 

Highlighted
Danny
Pearl
‎2018-09-12 02:36 PM

I fully agree.

Jessica, configure your cluster topology consistent on both, the gateway side as well as the centrally configured management side. Stay away from reading in the topology from the getways as Vladimir recommended.

Highlighted
jessica_smith
Nickel
‎2018-09-13 11:43 AM

thank you Aleksei, Vladimir and Danny Smiley Happy you all are the best, all working Smiley Happy 

0 Kudos