This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Contributor
Monday

change management's ip of cluster

Hi,

I would like to understand how I can do this ip managament change on a checkpoint cluster:

It involves switching from a Vlan X, to a VLAN Y on another subnet

let's say the current configuration is:

VIP: 10.10.0.1
GW1: 10.10.0.2
GW2: 10.10.0.3

New Firewall IPs
VIP: 10.10.12.1
GW1: 10.10.12.2
GW2: 10.10.12.3


Currently the interface configuration of gw has as this ip 10.10.0.x

Side switch eth x (mgmt of the cluster) is connected on an interface put in access on the VLAN (the old one)

i want to keep the same interface but with the new IPs, how can I do it?

0 Kudos
11 Replies
the_rock
Legend
Legend
Monday

Below is EXACTLY how to do it and its 100% right 🙂

Andy

https://community.checkpoint.com/t5/General-Topics/Change-Management-IP-addresses-in-Cluster/td-p/99...

0 Kudos
RemoteUser
Contributor
yesterday
In response to the_rock

So the only way to change ip of cluster mgmt (keeping the same interface) is to connect to firewalls in console?

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

Not really, BUT, keep in mind, if thats how you web UI to the fw, then you would lose the access. Alternatively, you could change it from clich, but then again, if that is the IP you use to ssh into the appliance, same thing would happen.

Andy

0 Kudos
RemoteUser
Contributor
yesterday
In response to the_rock

I already tried to change the firewall management IP's (so to access it) GAIA side and I lost connectivity, rightly so, and you couldn't access it anymore, clish side also...
That's why I'm asking, if I wanted to change the IP of the firewall mgmt, maybe I'd better send someone physically there to connect in the console?

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

I know fisciamnete means physically lol. But yes, I agree 100%, better to do that.

Andy

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

Just have them follow that link exactly how it was described.

Andy

0 Kudos
RemoteUser
Contributor
yesterday
In response to the_rock

in case you decide to use another interface for mangemnte instead, it is not necessary to have someone connected in the console right?

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

Thats right

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

Though, personally, I would still make sure someone has access to the appliance physically, but thats just me.

Andy

0 Kudos
RemoteUser
Contributor
yesterday
In response to the_rock

I agree with that

thank, Andy 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to RemoteUser

For what its worth, I NEVER even take a risk assuming installing jumbo will go 100% right and I dont say this in context of Check Point, I do this for any vendor (Cisco, PAN, Fortinet, etc...). I hope for the best, plan for the worst, so better be safe than sorry and have someone on site, JUST IN CASE.

Anyway, just my personal take on it.

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events