Adding a VLAN Interface into firewall cluster

Hi Experts,

We're planning to add a VLAN interface into the firewall cluster (R77.30), and the SmartConsole version is R80.30.

I have gone through SK57100, which says a 'maintenance window' is required and that it may cause an outage when fetching the topology.

The article sk118518, however, says it can be done without fetching the topology, and the plan is:

To create a VLAN interface on both the firewalls via Gaia portal

Smart console -> Create a new Interface with 'cluster'

Create the interface with VIP address and click on Modify -> Enter the gateway members interface IP addresses of both the firewalls

Enable Anti-Spoofing

Save and install the policy.

With this option, I believe anti-spoofing isn't overridden for other interfaces and no topology/routing changes will be made.

Is this the correct way to do it, or can you please suggest the best way to achieve this without any outage or failover?

Thanks,

2 Replies

What you described should work totally OK. Whether to do manual spoofing or fetch topology automatically is a personal choice. We use the automated option and never really had any problems. No interruptions or failovers during configuration. I just find manual prone to errors if you have a high number of interfaces and routes.


Hi Kaspars,

Thanks for the reply.

I hope that by adding this, the new interfaces will be reported when "cphaprob -a if" is issued.

Also, can you please suggest what rollback option should be followed to minimize the outage (if something goes wrong)? Just by reverting the installation history, or by reverting the snapshot?

Thanks.
