This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
S_E_
Advisor
‎2023-05-26 03:49 AM

sk34180 -Outgoing connections from cluster members

hi

just wondering regarding the sk34180 because we run into the issue in quite a lot of cluster (but not all)

Outgoing connections from cluster members are sent with cluster Virtual IP address instead of member's Physical IP address.
The only 'workaround seems to be to make the modification via GUIdbedit for every cluster. What an effort 😞   And you need to remember it as well when devices changes.

 

But why is this behavior default? I do not understand the use case.


If something happend on a device, I would like to get an snmptrap from the 'broken real device' and not from the Cluster VIP.

I guess the same for services like smtp or "contract_util mgmt" as well

Regards

0 Kudos
3 Replies
the_rock
MVP Diamond
MVP Diamond
‎2023-05-26 03:57 AM

I can try this in the lab later, but it appears guidbedit is ONLY applicable for R77.30 and below, which no one runs any longer (well, I sure hope not lol).

For new versions, it lists this kernel parameter:

By default, the Cluster Hide and Fold is enabled (controlled via the attribute "perform_cluster_hide_fold" in Cluster Object in Security Management Server database).

Value of attribute perform_cluster_hide_fold in Cluster Object controls the following:

  • Whether outgoing connections from cluster members will be hidden behind Cluster Cluster Virtual IP address - i.e., sent with Source IP address of Cluster Virtual IP address, or sent with Source IP address of member's Physical IP address
  • Whether incoming connections sent to Cluster Virtual IP address will be folded to member's Physical IP address, or the Destination IP Address will remain as Cluster Virtual IP address.
Value of
attribute		 How connections are Hidden / Folded by Cluster
true ("1")
(default)
  • Outgoing connections from cluster members will be sent with Source IP address of Cluster Virtual IP address (hidden behind Cluster VIP)
  • Incoming connections sent to Cluster Virtual IP address will be folded to member's Physical IP address (in case of VSX cluster, with Destination IP address that belongs to cluster Internal Communication Network)
false ("0")
  • Outgoing connections from cluster members will be sent with Source IP address of member's Physical IP address (in case of VSX cluster, with Source IP address that belongs to cluster Internal Communication Network)
  • Incoming connections sent to Cluster Virtual IP address will not be folded to member's Physical IP address (the Destination IP Address will remain as Cluster Virtual IP address)
Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
S_E_
Advisor
‎2023-05-26 04:04 AM
In response to the_rock

Hi

Thanks

b.t.w.

We stumbled over the same issue.  I guess the section for R77.30 ins only referring to the database revision control. The SK is slightly misleading. The should state in second section: For R80 or for all...

...

I can try this in the lab later, but it appears guidbedit is ONLY applicable for R77.30 and below, which no one runs any longer (well, I sure hope not lol)....

 

We checked on some devices (> R80.40) and the parameter is always true(default).

But I still do not understand the use case.

is snmp not used by others?

Regards

 

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-05-26 04:39 AM
In response to S_E_

You are 100% right, I gave feedback on the sk.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events