Daniel_Kavan
MVP Gold

mgmt interface recommendations

The mgmt interface is for the manager to connect to the gateway, correct?

One post recommended against using the MGMT interface for SIC. Well, I don't specify what interface is used for SIC; however, in the case an INT interface isn't defined yet, obviously the MGMT port would be used.

Also, in a cluster should you cluster your MGMT interface?

Also, you can define your gateway's main IP address. Should you ever define it as your MGMT interface? A long time ago I was always told to use the EXT interface to define the gw so you could ensure routing to it.

0 Kudos
8 Replies
the_rock
MVP Platinum

Hey Dan,

Technically you can use any interface to be mgmt one, does not need to be native Mgmt interface on the firewall. Put it this way...if there was, say, eth1-03 defined on the firewall, you could use that as well, no issues.

Some people may use that interface for licensing purposes, even if it's not physically connected to anything, which can also work.

Best,
Andy
0 Kudos
Vincent_Bacher

Traditionally, the User Center uses the mgmt interface alongside the serial number to identify a system, regardless of whether it is configured and used or not.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Platinum

That is correct Vince, would always list mgmt mac address there.

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold

Yeah, it seems like it's just another interface. It can be clustered or private. By marking an interface as MGMT it does NOT mean it will be used for communication with smartconsole.

0 Kudos
Bob_Zimmerman
MVP Gold

Check Point has two things potentially called the "management interface", and neither has anything to do with SIC.

On branded boxes, one interface has a weird name: Mgmt. The MAC of this interface is used to uniquely identify the box in the User Center for support and licensing. The interface is not special in any other way. Unless you're using VSX, it's in the same routing table as all your other interfaces. I avoid using the interface named Mgmt because people expect it to be separate from the through-traffic interfaces.

On all systems, clish has a line in the configuration "set management-interface _____". This has no impact on how the firewall runs, it's not relevant to SIC, it's just a guardrail to prevent you from deleting the IP address.

SIC is just an application protocol which rides on top of the routing. The traffic will go over whichever interface the firewall's routing table says to use to reach the management, same as trying to ping the management server.

0 Kudos
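The point in the reply above, that SIC leaves through whichever interface the routing table selects for the management server's address, can be checked with a longest-prefix match. This is an added example, not part of the thread and not Check Point code; the route table, interface names and addresses are constructed, and it ignores metrics and policy-based routing.

```python
import ipaddress

# Constructed `ip route show` style output for a hypothetical gateway.
SAMPLE_ROUTES = """\
default via 203.0.113.1 dev eth1
10.1.1.0/24 dev Mgmt proto kernel scope link src 10.1.1.2
10.20.0.0/16 via 192.168.50.1 dev eth2
192.168.50.0/24 dev eth2 proto kernel scope link src 192.168.50.2
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.2
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines and entries with no egress device (e.g. blackhole).
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes

def egress_interface(routes, destination):
    """Longest-prefix match: the interface used to reach `destination`."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # Constructed management server addresses in three different places.
    for mgmt_server in ("10.20.5.10", "10.1.1.50", "198.51.100.7"):
        print(mgmt_server, "->", egress_interface(routes, mgmt_server))
```

Only the management server that sits on the 10.1.1.0/24 network is reached through the interface named Mgmt; the other two leave through eth2 and eth1, regardless of which interface carries the Mgmt name.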
the_rock
MVP Platinum

You got it, makes total sense.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Hey Dan,

Just curious, is this related to the license, SIC or something else? Or were you more wondering generally speaking?

Best,
Andy
0 Kudos
