Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ashish_Shah1
Explorer

Adding-Removing Interface in ClusterXL R80.10

Hi,

We have R80.10 running as Management server for ClusterXL on R77.30. 

Yesterday one of my team mate tried to add new interface to cluster via GUI first and than clicked "Get Interface" from SmartConsole. As per her, that changed everything for all interfaces including "Anti-Spoofing" settings and she has to backout changes.

Any reason why this could have happened and is there easy/quick way to roll-back?

Regards,

Ashish Shah

1 Reply
Timothy_Hall
Legend Legend
Legend

This situation is described here:

sk118518: How to get the interfaces without changing the current topology in SmartConsole R80 and ab...

If you download the latest build 5 of the R80.10 SmartConsole and install it, both the options "Get Interfaces with Topology" (which DOES try to update anti-spoofing) and "Get Interfaces" (which DOES NOT try to update anti-spoofing) will be present once again as they were in R77.30. 

As far as backing out, in R80+ you can go to "Installation History" and immediately reinstall a known-good policy to the gateway that does not have the erroneous anti-spoofing changes in it.  That will buy you time to fix the antispoofing config in your current setup.

If the antispoofing changes have chopped you off from pushing a corrected policy to the gateway via Installation History or otherwise, you can run these commands on the gateway to disable antispoofing on the fly without doing a "fw unloadlocal" full outage, and then be able to push a corrected policy:

fw ctl set int fw_antispoofing_enabled 0
sim feature anti_spoofing off ; fwaccel off ; fwaccel on

Once a corrected policy has been pushed and verified, don't forget to immediately turn antispoofing back on like this:

fw ctl set int fw_antispoofing_enabled 1
sim feature anti_spoofing on ; fwaccel off ; fwaccel on

While it is possible to easily back out session changes to rules in a policy layer via Actions...History...Revert, unfortunately there is no way I know of to quickly back out changes to an object. 

However you can go to Manage & Settings...Revisions.  Find the session where the "Get Topology" antispoofing changes were made and highlight it.  On the lower part of the screen then pick the Audit Logs tab.  If you peruse all these Audit Logs you can see precisely what antispoofing changes were made by the Get Interfaces operation and manually reverse them.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com