This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jbeckner
Participant
‎2022-10-05 09:17 AM
Jump to solution

"Get interfaces" changes after version upgrade

Hopefully a quick question - we did a full export/fresh install/import of management in a VM to go from r77.30 to r80.40 last year, and have recently upgraded our physical firewall HA cluster to 6600s. These are HA active/passive.

When we moved to the 6600s, we had to rename a few of the physical interfaces as the port names changed. Things have been stable with no issues, 

I now need to add VTI interfaces for a VPN tunnel to AWS. Following sk100726 I get down to "re-fetch the interface configuration"
to read and configure the new VTI interfaces and I instantly have changes on ALL of my existing physical interfaces.

I have been advised in the past to use "without topology" so I did that.

Looking at the object itself if seems like everything is the same except for the "Name" at the top.
Network Type, Member IDs, and Topology all look the same. Advanced Tab looks the same.
"Name" changed from "devdot1q" to the actual interface name "eth7.32" 

BUT I now have 69 "changes" pending. Most of them seem to be removing then adding back in the anti spoofing rules, etc.
But I now have 69 objects to look at before pushing policy to see what the "changes" are and it's worrying that I am
not going to understand what it did or what the impact is.

1) How do I make sure these changes are harmless/not actually changing anything before pushing policy? 

2) Are all these name changes "normal" after an version upgrade like this?
    The old "Name" field was something we typed in it looks like. 

 

Thanks in advance.

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-07 10:21 AM
Jump to solution

Whenever you "Get Interfaces" (with or without topology), if there is a change to the interface names compared to what's stored, you will see the object change.
As for the changes, you do realize that SmartConsole has a change report you can review, correct? See sk166435.
That should help you review the various changes that were made to ensure they are not going to cause any issues.

image.png

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2022-10-07 10:21 AM
Jump to solution

Whenever you "Get Interfaces" (with or without topology), if there is a change to the interface names compared to what's stored, you will see the object change.
As for the changes, you do realize that SmartConsole has a change report you can review, correct? See sk166435.
That should help you review the various changes that were made to ensure they are not going to cause any issues.

image.png

0 Kudos
jbeckner
Participant
‎2022-10-08 01:37 PM
In response to PhoneBoy
Jump to solution

Thanks - going to gut it out and compare before and after screenshots.

The version of Management I am using does NOT have that feature - is that an additional management blade?
Or do I need to be on a later version? This is R80.40. 
HOTFIX_R80_40_JHF_COMP Take: 120
See attached screenshot. 

 

 

Preview file
36 KB
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-10-08 05:42 PM
In response to jbeckner
Jump to solution

It's native in R81, for earlier versions refer: sk166435

CCSM R77/R80/ELITE
0 Kudos
jbeckner
Participant
‎2022-10-10 10:47 AM
In response to Chris_Atkinson
Jump to solution

Outstanding, I had no idea that was possible and will be a HUGE comfort going forward. Thanks for that. 

I did the work, turns out the only fallout was now my VPN clients think one of the new virtual interfaces I added (first time on those for me) is the real IP of the gateway, but I sorted that out with apply_resolving_mechanism_to_SR to false in GuiDbEdit thanks to some other hints here on CheckMates. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events