Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
P_M
Participant

Logical Server not working (R.80.30)

Hello,

 

I have created several logical servers for load balancing traffic to a group of Internal servers.

The logical servers with Public Virtual IP addresses inwards to the Internal servers work fine, but the logical servers with Internal Virtual IP addresses  towards internal servers are not working. 

All the Virtual IP addresses are on same subnets as the Gateways interfaces.

Only difference being that the addresses on the Public Interface has entries in $FWDIR/conf/local.arp.

Should I create entries for the Internal Virtual IP addresses in $FWDIR/conf/local.arp ?

 

Regards PM

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

I'm confused what you mean by "internal virtual IP addresses."
There should be servers that answer on those IP addresses.
Can you describe your configuration in more detail?
Screenshots and network diagrams would also help.
0 Kudos
P_M
Participant

Hello,

Sorry I was not clear, and hereby make another attempt to explain my dilemma.

Below are the screenshots of the rule and the configuration for the Logical Server. I attach a diagram of the Network Topology.

The Internal VIP (Logical Server) has a private IP address  of 10.0.0.35 and is on a subnet on one of the FireWall Interface. Behind the Logical Server are two servers (servergroup) that are on the Internal network.

The Clients are on the Internal network, with private IP addresses, i.e. 10.1.2.29 for example, and the servers are in a Firewall segment (DMZ).

P_M_0-1586423450158.png

 

P_M_1-1586423450165.png

 

The External Logical server (with Public IP address) works, and on the External Interface there is Proxy Arp configured for the IP address for the Logical server. 

The Internal Logical server (with Private IP address) does not work, and if I understood CheckPoints Help manual right, then a Proxy Arp for this Logical Server would automatically be created during Publishing/Installation of the rule?

 

Best regards 

Peter

 

0 Kudos
PhoneBoy
Admin
Admin

That helps.
What do you see on a tcpdump when you try and access 10.0.0.35 from the internal interface?
What does fw ctl arp say?
In general, a proxy-arp should be created, but perhaps it's not in this case.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events