This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marcos_Bezerra
Participant
‎2024-05-15 07:08 AM

more than one mgmt IP on centraly managed Quantum Spark

Hi, we have a situation on this customer and we want to know what are our options. (I made a drawing with the topology for better understanding)

They have a Mgmt server in the main office, we created a dummy object on smartconsole to represent the external IP adress of their MGmt server, to reach the internet, the traffic from the Mgmt server goes thru the internal checkpoint cluster, that has 3 IPS configured.

This Mgmt server communicates with the centrally managed SMB appliances via its external IP address. the issue is that on the SMB appliances we can only put 1 Mgmt ip address, but when this specific ISP goes down on the main office, we lose management of the SMB appliaces, because they all are configured to talk to a single IP of the Mgmt server.

The question is: what can we do in this scenario? is it possible to put more than 1 Mgmt IP adresses on the SMB firewalls?

Map2.png

0 Kudos
7 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 07:14 AM

Not an expert is SMB appliances by any means, but I dont believe you can have more than 1 mgmt IP address, unless there is way to create alias IP or something. Let me spin up quick demo lab and will check.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 07:35 AM

Just re-read your post again and I see its centrally managed, so demo lab wont help, as its locally managed appliance there. Can you check below option in smart console?

Andy

Screenshot_1.png

 

 

Best,
Andy
0 Kudos
Marcos_Bezerra
Participant
‎2024-05-15 08:04 AM
In response to the_rock

hi andy, the issue is that here on this screen, we can only set one IP address, and here we put one specific external IP from the Mgmt server, but when this IPS drops, we lose management of the SMBs

 

firefox_mc3CVqg5lg.png

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 08:09 AM
In response to Marcos_Bezerra

Isee what you mean. Might be worth TAC case to confirm for sure.

Andy

Best,
Andy
0 Kudos
Marcos_Bezerra
Participant
‎2024-05-15 10:30 AM
In response to the_rock

yeah, I did that, they said they only work with "break & fix " scenarios, and told me to ask my account service, which I did, still waiting for the info, meanwhile I decided to see if someone here on checkmates can help

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 10:34 AM
In response to Marcos_Bezerra

Well, thats not really "break/fix", but still...Anywho, yes, let us know what your Sales person says. Personally, I would ask TAC to maybe check with tech lead/escalation team if this is possible, just to verify.

Best,

Andy

Best,
Andy
(1)
PhoneBoy
Admin
Admin
‎2024-05-16 07:17 PM

This problem also occurs on regular Quantum gateways when the management is behind a gateway that is doing ISP Redundancy...for more or less the same reason.

Unfortunately, there is not a good solution to this problem at current.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events