Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Francois_Beve
Employee Alumnus
Employee Alumnus
Jump to solution

How to connect to MDS R80.10 through alternate interface ?

hello, 

in R80.10, how to connect to MDS using another IP configured on any other interface than the MDS ip ? 

Its working when connecting throught the Mgmt interface. 

But not when tring through any other interface.

Customer indicated they had the same issue when configuring their MDS in R77.30 and a specific procedure has been applied to make it possible. Any idea how to do in R80.10?

see error message enclosed. 

regardss

François.

0 Kudos
1 Solution

Accepted Solutions
HenrikJ
Participant

Hello!

I got this working.

Do not try to access the MDS via the new interface.

What you should do, is route the real MDS-network to your new interface IP.

E.g.

Real leading interface has 10.0.0.1 / 24

New external interface 192.168.0.1 / 24

Create a route to 10.0.0.0/24 via 192.168.0.1

 

And then try to access 10.0.0.1 instead of 192.168.0.1.

The MDS will route this internally when it arrives, and I can successfully log into the MDS.

My version though is R80.30

View solution in original post

0 Kudos
11 Replies
Peter_Sandkuijl
Employee
Employee

Check the R80.10 MDM manual and search for: Using More than one Interface on a Multi-Domain Server

Changing the Leading Interface
You define the leading interface during the installation procedure, but you can change it later. If you add a new interface to a Multi-Domain Server after installation, define the Leading Interface manually.
To add a New Leading Interface:
1. From the Multi-Domain Server command line, run: mdsconfig
2. Select Leading VIP Interfaces, and then select Add external IPv4 interface.
3. Enter the interface name and press Enter.
Changing the Leading Interface:
1. From the Multi-Domain Server command line, run: mdsconfig
2. Do steps 2-3, in the above procedure, to add new interface.
3. Select Leading VIP Interfaces.
4. Select Remove External IPv4 interface.
5. Enter the interface name to remove and press Enter.

Eric_eric
Explorer

Hello,

I have the same issue. I tested to add a leading interface but it's doesn't work.

Regards,

Eric

0 Kudos
Francois_Beve
Employee Alumnus
Employee Alumnus

Hello Eric, My customer also report adding a leading interface does not works. 

At this step, I will recommend to engage support as the procedure is the official one described in Admin guide. 

http://dl3.checkpoint.com/paid/27/2792d875783ad607cb7d593a6c335ec7/CP_R80.10_Multi-DomainSecurityMan... 

0 Kudos
Dan_Zaidman
Employee
Employee

There can be only one leading interface , but you can change it , see the procedure in sk74020 - How to change the IP address of Domain Management Server

Let me know if it works for you.

Thanks

Dan

0 Kudos
Demith_Samaraw2
Contributor

Hi 

Did anyone find the solution for this, I also got the exact same issue, I can connect via MGMT, but i need a bond interface I have created to a leading interface, when i try to connect to Bond I also get the exact same error 

Domain 'Failed to find domainIp x.x.x.x' not found!

0 Kudos
PhoneBoy
Admin
Admin

As suggested, it's best to open a TAC case on this.

0 Kudos
Demith_Samaraw2
Contributor

Hi Dameon

I have raised a TAC case and seems it is a know issue on R80+ but they dont have a ETA for fix yet.

0 Kudos
Vladimir
Champion
Champion

I am not sure if this is applicable or will work in your current situation, but if you are setting up a new MDS, you can try using this procedure:

Create a /32 loopback interface with routable IP.

Advertise it to your network using dynamic protocol(s).

Declare it to be a target for licensing.

This way you should be able to connect to the IP address different from that of the default management interface.

Declare this interface to be a Leading Interface and use the bundled physical interfaces for connectivity to the rest of your infrastructure.

I've made this work previously on SMS, but never tried it on MDS. 

Please let me know if I am making incorrect assumptions or if this works.

Regards,

Vladimir

0 Kudos
Leandro_Nicolet
Contributor

I did this recently in VMWare workstation where I only had eth0, but mds backup came from a system with a leading interface with Mgmt. I  performed the changes in MDSCONFIG, but it still didn't work.

I then did the following and it worked for me.....

1. Change the interface name to Mgmt by editing the following.
/etc/udev/rules.d/00-OS-XX.rule

2. In clish re-ip the interface and change state to on. (i noticed after changing the interface name that the state had changed to off and the ip had been removed)

3. Reboot and perform an mds_restore


4. After restore completes, reboot again. Note ! it takes a good 20 mins to things to initially start, but thats probably just my VMWare resources.

0 Kudos
Aaron_Pritchar1
Participant

having same issue here.

I am testing the upgrade of R80.10 MDS to R80.20, with several CMAs included. This means that my target (R80.20) has the same IP addressing as the Source - which is still in production. This gives us IP conflicts, so i provisioned the 'real' leading VIP to be on an isolated subnet, with a secondary interface being routable on a different subnet.

this worked just find for the build process. and the database successfully import, and the MDS processes are up.
however when trying to Smartconsole onto the secondary interface (which i also have tried to setup as a leading VIP) i get the 'faile do tfind domainip'.

the only solution i can think of, would be to destination NAT from a firewall: i.e, connect to 10.1.1.1 (IP owned/arped for on a firewall) and destination NAT it to this MDS's real IP 10.2.1.1. Obviously, this will need t obe an isolated DMZ otherwise i'll get the address conflict.

in my world however, i dont have a firewall between my PC and the MDS 'lab' i am building to.

hopefully someone will have a fix for this soon.

0 Kudos
HenrikJ
Participant

Hello!

I got this working.

Do not try to access the MDS via the new interface.

What you should do, is route the real MDS-network to your new interface IP.

E.g.

Real leading interface has 10.0.0.1 / 24

New external interface 192.168.0.1 / 24

Create a route to 10.0.0.0/24 via 192.168.0.1

 

And then try to access 10.0.0.1 instead of 192.168.0.1.

The MDS will route this internally when it arrives, and I can successfully log into the MDS.

My version though is R80.30

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events