This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NiladriSarkar
Explorer
‎2024-03-07 05:54 AM

ipassignment.conf for Maestro environment

In regular cluster we mention the hostname to start the line in ipassignemnt.conf

Example in active-passive cluster :

for FW1 we will add the following line 

DC1-F1   net 172.1.1.0/21     dns=(10.6.32.12,10.52.42.136,10.20.65.70)  All_marketing_user

for FW2 we will add the following line 

DC1-F2  net 172.1.1.0/21     dns=(10.26.32.122,10.25.42.136,10.20.65.70)  All_marketing_user

now in an Maestro environment with three active gateways :

do we use the cluster name in place of (DC1-F1/F2 ) ?

0 Kudos
5 Replies
the_rock
Legend
Legend
‎2024-03-07 06:02 AM

I actually made note about this when CP Sales person was giving presentation to the customer about Maestro and they had exact same question and he told them that is exactly how you would do it. Im sadly not that versed with Maestro at all, so never tested it myself, but certainly has logic to it.

Best,

Andy

0 Kudos
NiladriSarkar
Explorer
‎2024-03-07 06:32 AM
In response to the_rock

thanks for responding @the_rock . I did try with the cluster name and it seems it does not always work ! 

Following my example above,  if an user from marketing connected to VPN 5 times, randomly 2 times he/she got a correct IP from ipasignement.conf.. 3 times he/she got an IP from DHCP which is for non-marketing users !!

 

imagine if we have rules restricted with source IP address.. it will be meaning less. 😞 

will be creating an TAC ticket. 

0 Kudos
the_rock
Legend
Legend
‎2024-03-07 06:35 AM
In response to NiladriSarkar

That sounds like a good idea...sorry, as I said, not so familiar with Maestro environment myself, so cant offer any other advice/

Hope TAC will help you. Let us know how it gets solved.

Best,

Andy

0 Kudos
NiladriSarkar
Explorer
‎2024-03-07 06:54 AM
In response to the_rock

thanks @the_rock .

0 Kudos
the_rock
Legend
Legend
‎2024-03-07 06:55 AM
In response to NiladriSarkar

No worries.

Andy

0 Kudos
Upcoming Events

    CheckMates Events