Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Evgeniy_Andreev
Contributor
Jump to solution

vSEC on ESXI interface problem.

Hello, all!
I have a stange issue with interfaces on virtual appliance. I have deployed R80.10 on ESXI host, and registered it on SMS (also virtual).
After installation, i added some interfaces to SG host, and enabled it using Web interface. In smart console, in Device properties-Network management i used get interfaces command, but it shows only one interface (should be 2)

What can be the root of this issue?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

An interface is not relevant to the firewall unless it has been configured as a mirror port or has an IP address.

As such, my personal take is that what you're seeing is expected behavior.

View solution in original post

13 Replies
PhoneBoy
Admin
Admin

Did you reboot the SMS after adding the interfaces in the ESXi Web Interface?

If not, that may be the reason.

0 Kudos
Evgeniy_Andreev
Contributor

Hi!

Yeah, i have rebooted both SG and SMS.

0 Kudos
PhoneBoy
Admin
Admin

What Adapter Type did you add?

On my system, they are added as Adapter Type e1000.

I believe (but haven't personally tried) vmxnet3 should work also.

0 Kudos
Evgeniy_Andreev
Contributor

Hi!

I used VMXNET 3, interface with same type already present in the system and works fine.

PhoneBoy
Admin
Admin

I recommend opening a ticket with the TAC to assist as it may be an issue with the driver: Contact Support | Check Point Software 

You can try using e1000 as a workaround, though.

0 Kudos
Evgeniy_Andreev
Contributor

I can't open a ticket in TAC, since i have no support contract.
As for your advice - i removed NIC with VMXNET3 and added E1000 adapter instead.
And now even web interface does not recognize this NIC.

0 Kudos
PhoneBoy
Admin
Admin

What version of ESXi are you using?

I am personally using 6.5.

I did not try and add interfaces after the fact, but rather provisioned the VM with multiple interfaces from the get go.

If you happen to be using 5, this is not supported with R80.10 per: Compatible Hardware List -- Virtual Machines (though 5.5 is supported)

Just as a test, I took a R80.10 VM I had set up and added an interface to it with the VM powered down.

When I booted it up, the second interface was recognized.

Make sure the Guest OS is set to RHEL 5 (64-bit) and compatibility is set to the latest hardware version supported.

Evgeniy_Andreev
Contributor

Hi
I solved this.
It is really strange logic in checkpoint, from my point of view.
It is not enough just enable interface, you have to set ip address on it. When i set ip address statically, smart console discover it.

Is it expected behavior?

Thanks you for all replies!

0 Kudos
PhoneBoy
Admin
Admin

For SmartConsole to "see" the interface, the interface must be enabled in Gaia OS.

Since it's possible to configure an interface as a mirror port, an IP isn't strictly required.

See: Monitor Mode on Gaia OS and SecurePlatform OS 

It's best practice to configure the interface in Gaia first before attempting to configure the firewall object with the interface (either manually or using Get Topology). 

0 Kudos
Evgeniy_Andreev
Contributor

Well, probably Checkpoint will fix it later.

But i checked it twice on two different VMs with latest updates - if there is no IP on interface, Smart Console doesn't see it. 

0 Kudos
PhoneBoy
Admin
Admin

An interface is not relevant to the firewall unless it has been configured as a mirror port or has an IP address.

As such, my personal take is that what you're seeing is expected behavior.

Vladimir
Champion
Champion

How about Bridge Mode?

0 Kudos
PhoneBoy
Admin
Admin

Also bridge mode

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events