Solved: SMB 1500 R81.10 - Cluster Virtual IP address belo...

dede79 · ‎2023-03-02

Hello,

I need to configure VIP on different subnet on a SMB cluster - centrally managed - on WAN link (have not enought pub. IPs and Mgmt is directly connected).

So private IPs for the interfaces and a public IP as VIP. Problem is to set the default gateway - SMB Internet connection only allows configure Gateway in the same subnet. Adding a manual default route is also no possible.

Any idea?

Chris_Atkinson · ‎2023-03-02

sk159772 suggests this should be possible in R81.10.x

CCSM R77/R80/ELITE

View solution in original post

G_W_Albrecht · ‎2023-03-02

Ask TAC - https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ClusterXL_AdminGuide/Topics-... could apply.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Chris_Atkinson · ‎2023-03-02

sk159772 suggests this should be possible in R81.10.x

CCSM R77/R80/ELITE

G_W_Albrecht · ‎2023-03-02

ID

Description

Found In

Resolved In

01615874

When defining a locally managed cluster, the Virtual IP address of a clustered interface has to be in the same subnet as the real IP addresses of the cluster members.

R80.20 GA

R81.10.00

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

dede79 · ‎2023-03-02

I use centrally managed - but actually as said I heve no idea how to configure the default gateway.

xAnTx · ‎2023-03-02

Hi!
Are you trying to configure DG before or after cluster configuration?
As far as I know, DG could be configured in subnet, other than actual IP address, only when cluster configuration already done on the appliance.
Means - try to configure cluster first (with all needed IPs), install policies, and only after that - change DG on members themselves.

dede79 · ‎2023-03-02

cluster is configured - actually the issue is in configuring the default route on gaia embedded itself!

Amir_Ayalon · ‎2023-03-02

Have you tried R81.10.05 ?

dede79 · ‎2023-03-06

for some reason my last post was deleted with the screensot of the issue.

G_W_Albrecht · ‎2023-03-06

Did you contact TAC already ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

dede79 · ‎2023-03-08

I pushed issue to Checkpoint SE .....will post the solution here if I get one

RS_Daniel · ‎2023-06-28

Hello @dede79 ,

We are facing a similar scenario, need to have member interfaces in a different subnet than virtual IP. Were you able to make it work? was default route possible?

Regards

Chris_Atkinson · ‎2023-06-29

Have you tested R81.10.07 (996001430) out of interest?

CCSM R77/R80/ELITE

Chris_Atkinson · ‎2023-06-29

Successfully tested this to the extent my lab allows on a locally managed cluster running R81.10.07 (996001430).

Time permitting will follow-up similar tests on a centrally managed variant also.

CCSM R77/R80/ELITE

FerPr0c03 · ‎2023-06-28

Hi @dede79

Were you able to solve the problem with the default routes? I have the same scenario and same problem.
Could you help me? thanks

Chris_Atkinson · ‎2023-06-28

Please open a case with TAC if not already and I will follow up internally, thanks.

Share the SR number with me in private message.

CCSM R77/R80/ELITE

Jones · ‎2024-06-11

Hi,

I would also like to know if there is a supported solution for centrally managed SPARK cluster with a Cluster IP Address on different subnets on the WAN interface. Could you share the solution please?

Kind Regards,

Jones

Steven_Sultana · ‎2024-09-13

sk182234 claims that such a solution is possible for both Locally and Centrally Managed Clusters.

How do I configure a cluster on Quantum Spark appliances with only one public address?
Is it necessar...

The feature "Single routable IP" for clusters is supported starting from the R81.10.05 release.
For Locally Managed appliances, see the R81.10.X Locally Managed Administration Guide topic "Configuring High Availability" section "Single Routable IP Cluster."
For Centrally Managed appliances, see the R81.10.X Centrally Managed Administration Guide topic "Configuring High Availability" section "Configuring a Single Routable IP Cluster in Central Management."
Example diagram:

perfect4situa · ‎2025-03-10

Even if there a section in documentation about the configuration of Single Routable IP (https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Co...) as described in https://community.checkpoint.com/t5/SMB-Gateways-Spark/Implementing-High-Availability-Firewall-Clust... I recently close a ticket with TAC and they say that there is no way to do this configuration with Spark Appliances in Centrally Managed mode.

I suggest to you the "local transport network" between gateway and router

Are you a member of CheckMates?

SMB 1500 R81.10 - Cluster Virtual IP address belongs to a different subnet