- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: SMB 1500 R81.10 - Cluster Virtual IP address ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SMB 1500 R81.10 - Cluster Virtual IP address belongs to a different subnet
Hello,
I need to configure VIP on different subnet on a SMB cluster - centrally managed - on WAN link (have not enought pub. IPs and Mgmt is directly connected).
So private IPs for the interfaces and a public IP as VIP. Problem is to set the default gateway - SMB Internet connection only allows configure Gateway in the same subnet. Adding a manual default route is also no possible.
Any idea?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk159772 suggests this should be possible in R81.10.x
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ask TAC - https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ClusterXL_AdminGuide/Topics-... could apply.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk159772 suggests this should be possible in R81.10.x
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ID | Description | Found In | Resolved In |
01615874 | When defining a locally managed cluster, the Virtual IP address of a clustered interface has to be in the same subnet as the real IP addresses of the cluster members. | R80.20 GA | R81.10.00 |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I use centrally managed - but actually as said I heve no idea how to configure the default gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
Are you trying to configure DG before or after cluster configuration?
As far as I know, DG could be configured in subnet, other than actual IP address, only when cluster configuration already done on the appliance.
Means - try to configure cluster first (with all needed IPs), install policies, and only after that - change DG on members themselves.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cluster is configured - actually the issue is in configuring the default route on gaia embedded itself!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried R81.10.05 ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
for some reason my last post was deleted with the screensot of the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you contact TAC already ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I pushed issue to Checkpoint SE .....will post the solution here if I get one
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @dede79 ,
We are facing a similar scenario, need to have member interfaces in a different subnet than virtual IP. Were you able to make it work? was default route possible?
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tested R81.10.07 (996001430) out of interest?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Successfully tested this to the extent my lab allows on a locally managed cluster running R81.10.07 (996001430).
Time permitting will follow-up similar tests on a centrally managed variant also.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @dede79
Were you able to solve the problem with the default routes? I have the same scenario and same problem.
Could you help me? thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please open a case with TAC if not already and I will follow up internally, thanks.
Share the SR number with me in private message.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I would also like to know if there is a supported solution for centrally managed SPARK cluster with a Cluster IP Address on different subnets on the WAN interface. Could you share the solution please?
Kind Regards,
Jones
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk182234 claims that such a solution is possible for both Locally and Centrally Managed Clusters.
The feature "Single routable IP" for clusters is supported starting from the R81.10.05 release.
For Locally Managed appliances, see the R81.10.X Locally Managed Administration Guide topic "Configuring High Availability" section "Single Routable IP Cluster."
For Centrally Managed appliances, see the R81.10.X Centrally Managed Administration Guide topic "Configuring High Availability" section "Configuring a Single Routable IP Cluster in Central Management."
Example diagram: