Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion

Maestro R81.10 - Interface Distribution Issue

I have the issue in Maestro under R81.10 that I can not change the distribution of the interface in the security group.
The Distribution Mode is assigned to Auto-Topology (is not working in the General Mode). So this should be possible, right?

Here is a picture with the show command:
maestro_dist_issue.png

I have the same problem when I set the Distribution Mode for an interface:
maestro_dist_issue_2.png

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
8 Replies
Jochen_Hoechner
Employee
Employee

Hi, 

this interface is assigned to the security group and has no VLAN configured? 
did you try to check 'show  distribution interface' then ? or [tab] key? 

Thanks
Jochen

HeikoAnkenbrand
Champion Champion
Champion

>>>this interface is assigned to the security group and has no VLAN configured?
yes
>>>did you try to check 'show distribution interface' then ? or [tab] key?
The [tab] key does not work and does not display an interface.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Lari_Luoma
Ambassador Ambassador
Ambassador

@HeikoAnkenbrand 
I'm checking this internally. I tested in the lab and got the same error. Will get back to you.

Jochen_Hoechner
Employee
Employee

Hi, I got no issues with R81.10 JHF Take 30. 

[Global] FW-XXXXX > show distribution interface bond1.104 configuration
1_01:
policy-internal

1_02:
policy-internal

1_03:
policy-internal

1_04:
policy-internal

Lari_Luoma
Ambassador Ambassador
Ambassador

Can you confirm if you had policy installed and the interfaces you tried to configured were in the topology? It appears that this might be the issue.

Lari_Luoma
Ambassador Ambassador
Ambassador

I can confirm that the policy installation fixed the issue for us.

Jochen_Hoechner
Employee
Employee

Hi Lari, I confirm, system has a security policy. 

It is logical: As long as the machine does not have a policy or initial policy, interfaces do not have a Topology. 
As long as interfaces do not have a topology, their topology is 'undefined'.

The 'good old' asg if command will also not display interfaces as long as you do not have a policy.

Best
Jochen

Satya2021
Contributor

[Global] HO-GW-ch01-02> show distribution verification verbose
Test: Configuration: Local SGM: Orchestrator 1: Orchestrator 2: Result:
Mode per-port per-port per-port per-port Passed
L4 Mode on on on on Passed
Matrix Size 512 512 512 512 Passed
eth1-06 policy-external-l4 policy-external-l4 external-l4 -- Passed
eth1-07 policy-external-l4 policy-external-l4 external-l4 -- Passed
eth2-07 policy-external-l4 policy-external-l4 -- external-l4 Passed
eth2-06 policy-external-l4 policy-external-l4 -- external-l4 Passed

Matrix:
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2

Matrix verification passed successfully

Verification passed successfully