This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2023-12-17 11:33 PM

cpisp_update script does not work on R81.10?

Hello,

According to sk25152, it is necessary to make modifications to the cpisp_update script in order to manage static NAT when ISP Redundancy is enabled. However, during my troubleshooting process, I discovered that this script is not compatible with R81.10 and is not supported by the sk article either.


Due to the absence of the dynobj_cache table in R81.10, it is not possible to make the necessary decision. Therefore, I am curious about the alternative methods available for controlling Static NAT when ISP redundancy is enabled.

 TIA

Blason R

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
19 Replies
PhoneBoy
Admin
Admin
‎2023-12-18 05:55 AM

As far as I know, this script is still valid.
In any case, it's probably worth engaging the TAC.

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 09:42 AM
In response to PhoneBoy

Nope it is not - That exact an issue I faced this morning and I tried flushing the dynobj_cache table and it says no such table exists. That means this script will not work

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-12-18 09:56 AM
In response to Blason_R

I have custom script R&D gave me last year for R81.10, can send it to you if you prefer, not sure if it would work though.

Andy

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 09:58 AM
In response to the_rock

Perhaps by examining the script, one may gain an understanding, as it is a straightforward bash script.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-12-18 10:02 AM
In response to Blason_R

Below is the link to it, not sure if you need to create an account to get it

Andy

https://andybee.sharefile.com/d-s9916ebbac8924613aba43487841be395

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 10:05 AM
In response to the_rock

That is right - yeah.

It is not allowing me download and it needs a account.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-12-18 10:07 AM
In response to Blason_R

If you can send me your email in direct message, I can provide the link that way, and for that you 100% dont need an account.

Andy

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 10:10 AM
In response to the_rock

Sent

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend
‎2023-12-18 10:11 AM
In response to Blason_R

you should have it now, I sent it back

Andy

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 10:14 AM
In response to Blason_R

Got it - Thanks.

So just replace the entire script with this one?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-12-18 10:15 AM
In response to Blason_R

Yes sir. Make sure to backup the original file of course.

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-12-18 11:54 AM
In response to Blason_R

Any luck?

0 Kudos
Blason_R
Leader
Leader
‎2023-12-18 11:37 PM
In response to the_rock

Havent had a chance to replicate it. Let me do that in a day or two and revert

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-12-19 05:07 AM
In response to Blason_R

K, no worries, take your time, hope it works.

Andy

0 Kudos
dede79
Contributor
‎2024-02-22 05:40 AM
In response to the_rock

have same issue.....so the script was changed and no sk telling us that?

Customers having R81 still work....fresh setup under R81.20 no chance (HA....manual nat)

0 Kudos
the_rock
Legend
Legend
‎2024-02-22 05:56 AM
In response to dede79

Message me directly, I will send it to you. I have no clue if it was changed...I cant be 100% sure, but I would say 90% it was not modified. The only reason why we got it was due a client having really weird problem described in below post.

Best,

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/Policy-push-overwrote-default-route-on-cluster...

0 Kudos
the_rock
Legend
Legend
‎2024-02-22 06:19 AM
In response to dede79

Responsed to your message mate. Ping me back if you need clarification.

Best,

Andy

0 Kudos
dede79
Contributor
‎2024-03-05 01:59 AM
In response to the_rock

Update from TAC: sk25152 not supportet from R81.10 upwards. Supportet workaround would be using manual nat rules with zone in destination field.

0 Kudos
pedkha
Explorer
‎2024-03-18 08:55 AM
In response to dede79

Hi, but how should we do it? do we still need to update the script? if we add zone to destination what will be the translated source field in the NAT rule, we have 2 addresses for  ISP

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events