- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Is there any procedure to add or remove an interface in vrrp high availability topology without cause fail-over?
Danny
Sure. First stop the standby member (or disconnect / shut down it's network interfaces) so that it cannot become active. Then remove the interface on the active and stopped standby member. Finally start the standby member again. Adjust the cluster topology within your SmartCenter as well and push policy.
Thank you for the reply
To stop the standby, is there an equivalent cmd like for clusterXL mode (clusterXL_admin up/down)?
Danny
Not that I know of. I'd simply use cpstop/cpstart.
Maarten_Sjouw
On the backup gateway use the command:
set vrrp disable-all-virtual-routers on
Now make the changes you want, if you need to remove an interface from the list, first do it from the backup, then you don't need the above command either. Once your done just send the same command with off at the end.
Thanks all for your contributions
I was able to add a new interface without any issue. I used finally clusterXL_admin command
Maarten_Sjouw
Just so you know, VRRP will only take notice of that state if FW monitor is on. set vrrp disable-all-virtual-routers will really make sure VRRP will be admin down and clusterXL_admin doen will only put that system in problem state not in down state.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY