change management's ip of cluster

RemoteUser · ‎2025-03-31

Hi,

I would like to understand how I can do this ip managament change on a checkpoint cluster:

It involves switching from a Vlan X, to a VLAN Y on another subnet

let's say the current configuration is:

VIP: 10.10.0.1
GW1: 10.10.0.2
GW2: 10.10.0.3

New Firewall IPs
VIP: 10.10.12.1
GW1: 10.10.12.2
GW2: 10.10.12.3

Currently the interface configuration of gw has as this ip 10.10.0.x

Side switch eth x (mgmt of the cluster) is connected on an interface put in access on the VLAN (the old one)

i want to keep the same interface but with the new IPs, how can I do it?

the_rock · ‎2025-03-31

Below is EXACTLY how to do it and its 100% right 🙂

Andy

https://community.checkpoint.com/t5/General-Topics/Change-Management-IP-addresses-in-Cluster/td-p/99...

Best,
Andy
"Have a great day and if its not, change it"

RemoteUser · ‎2025-04-01

So the only way to change ip of cluster mgmt (keeping the same interface) is to connect to firewalls in console?

the_rock · ‎2025-04-01

Not really, BUT, keep in mind, if thats how you web UI to the fw, then you would lose the access. Alternatively, you could change it from clich, but then again, if that is the IP you use to ssh into the appliance, same thing would happen.

Andy

Best,
Andy
"Have a great day and if its not, change it"

RemoteUser · ‎2025-04-01

I already tried to change the firewall management IP's (so to access it) GAIA side and I lost connectivity, rightly so, and you couldn't access it anymore, clish side also...
That's why I'm asking, if I wanted to change the IP of the firewall mgmt, maybe I'd better send someone physically there to connect in the console?

the_rock · ‎2025-04-01

I know fisciamnete means physically lol. But yes, I agree 100%, better to do that.

Andy

Best,
Andy
"Have a great day and if its not, change it"

the_rock · ‎2025-04-01

Just have them follow that link exactly how it was described.

Andy

Best,
Andy
"Have a great day and if its not, change it"

RemoteUser · ‎2025-04-01

in case you decide to use another interface for mangemnte instead, it is not necessary to have someone connected in the console right?

the_rock · ‎2025-04-01

Thats right

Best,
Andy
"Have a great day and if its not, change it"

the_rock · ‎2025-04-01

Though, personally, I would still make sure someone has access to the appliance physically, but thats just me.

Andy

Best,
Andy
"Have a great day and if its not, change it"

RemoteUser · ‎2025-04-01

I agree with that

thank, Andy

the_rock · ‎2025-04-01

For what its worth, I NEVER even take a risk assuming installing jumbo will go 100% right and I dont say this in context of Check Point, I do this for any vendor (Cisco, PAN, Fortinet, etc...). I hope for the best, plan for the worst, so better be safe than sorry and have someone on site, JUST IN CASE.

Anyway, just my personal take on it.

Andy

Best,
Andy
"Have a great day and if its not, change it"

the_rock · ‎2025-04-02

Hey mate,

Were you able to get this done?

Andy

Best,
Andy
"Have a great day and if its not, change it"

RemoteUser · ‎2025-04-02

Hi Andy,

Not yet, I will almost certainly send a person to physically plug into the console.

the_rock · ‎2025-04-02

K, sounds good!

Best,
Andy
"Have a great day and if its not, change it"

Are you a member of CheckMates?

change management's ip of cluster