This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
vinceneil666
Advisor
‎2020-06-16 03:40 AM

Maestro, magg interface bond.

Hi,

While working with Maestro I have created the magg0 interface, the bond for management. This interface is connected to my mgmt subnet where my management, log server and monitoring/backup servers are. - I will assume this is pretty standard.

What I have come across in some customer enviroments is that this subnet actually also contains a router, and has quite a few other subnets availaable... why this is done, and if it is a good idea is another question - but related to migrating to a maestro solution my question is this:

Is there anything besides the magg interface bond is running on a xor lacp setup (bringing the bandwidth down in comparison to the other general bonds for production) that would prevent me from using this as any other interface ? I see that I have the option to add a override on the spoofing and attaching a group for my attached subnets. 

So besides a somewhat different lacp setup - is there anything else related to the magg interface that I should consider related to the functionality of the firewall itself.

 

(To change the design of the l3 network is of course something I would like to do - but this is a timing issue and will probably trigger a project streching for months. )

0 Kudos
3 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2020-06-16 03:56 AM

Actually the Magg interface shouldn't be used to route traffic i.e. another device on the same subnet should be the default gateway.

 

01800842 - Hide NAT for traffic initiated from the Management interface of Maestro Security Appliances is not supported.

Refer: sk148074

CCSM R77/R80/ELITE
vinceneil666
Advisor
‎2020-06-16 04:02 AM
In response to Chris_Atkinson

That bug or non supported feature you are refering tothere is for R76SP , Im running R80.20SP. As far as I can see there is no issues as such for the r80 version - and I am also prettu sure I got hide nat working without an issue 🙂 

0 Kudos
vinceneil666
Advisor
‎2020-06-16 04:09 AM
In response to Chris_Atkinson

Oh, I see that it is still not resolved - my bad ! . thank you
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events