
R80.10 Management and R77.30 Gateways in Bridge mode

Looking to upgrade management from R77.30 to R80.10. In QA I'm getting validation errors for the firewalls in bridge mode which have no IP addresses on the fail-open interfaces (so 0.0.0.0/0.0.0.0). I don't have the ability to push from QA so I need to confirm if this is an issue installing policy? I can't seem to find any documentation on it.

9 Replies
Admin

Re: R80.10 Management and R77.30 Gateways in Bridge mode

Those interfaces shouldn't have IPs on them for sure.

Which version of SmartConsole are you using?

Also, let me put this in ‌.


Re: R80.10 Management and R77.30 Gateways in Bridge mode

It's R80.10 SmartConsole Build 024


Re: R80.10 Management and R77.30 Gateways in Bridge mode

Hi, for these kinds of problems I really recommend that you open a support ticket, so that Check Point support will be able to identify the root cause and see how this problem cannot happen for other customers as well.


Re: R80.10 Management and R77.30 Gateways in Bridge mode

Hi, you have to make sure that bridge interfaces are not a part of the topology tab in Dashboard.

Admin

Re: R80.10 Management and R77.30 Gateways in Bridge mode

I believe you mean: not defining topology on the interface (i.e. not as internal or external).


Re: R80.10 Management and R77.30 Gateways in Bridge mode

My bad) Topology can still be defined for a single FW, but as I've said, in a cluster, the bridge interface is not part of the topology tab at all and it is External by design. (Security Gateway R77 Versions Technical Administration Guide)

Admin

Re: R80.10 Management and R77.30 Gateways in Bridge mode

Having just installed a Mirror Port gateway on R80.10, the correct answer is: the mirror port should not be defined on the Gateway object at all.

When I fetched topology from my R80.10 Mirror Port gateway, the interface that was the mirror port did not even come across in the topology.

Further, your management interface for the device should probably have the topology "Undefined" and Anti-Spoofing disabled.


Re: R80.10 Management and R77.30 Gateways in Bridge mode

Hi Dameon, this is expected, as the mirror port is only for POC/testing and it will get all traffic (external + internal) from the corresponding mirror port of the switch. So a bridge interface and a mirror port, though they might seem to be similar, are quite different.

Admin

Re: R80.10 Management and R77.30 Gateways in Bridge mode

True, I misread :)

That said, I wonder if a similar solution shouldn't apply.
