Hey guys,
Wondering if someone would be willing to try this script in their lab to see what they get? I tested it in mine and it gave me the output below. It would simply suggest ranges for sync IPs based on what's already configured.
Lab:
[Expert@CP-FW-01:0]# dos2unix *
dos2unix: converting file check_critical_files.sh to Unix format ...
dos2unix: converting file cp_cluster_ha_report.sh to Unix format ...
dos2unix: converting file cp_cluster_sanity.sh to Unix format ...
dos2unix: converting file cp_suggest_sync_range.sh to Unix format ...
[Expert@CP-FW-01:0]# chmod 777 *
[Expert@CP-FW-01:0]# ./cp_suggest_sync_range.sh
ClusterXL Sync Range Suggestions (non-overlapping with local interfaces/routes)
======================================================================
Detected used networks (interfaces + routes): 5
Top 10 suggestions (/ 30):
1. 10.255.255.0/30 MemberA: 10.255.255.1 MemberB: 10.255.255.2
2. 10.255.255.4/30 MemberA: 10.255.255.5 MemberB: 10.255.255.6
3. 10.255.255.8/30 MemberA: 10.255.255.9 MemberB: 10.255.255.10
4. 10.255.255.12/30 MemberA: 10.255.255.13 MemberB: 10.255.255.14
5. 10.255.255.16/30 MemberA: 10.255.255.17 MemberB: 10.255.255.18
6. 10.255.255.20/30 MemberA: 10.255.255.21 MemberB: 10.255.255.22
7. 10.255.255.24/30 MemberA: 10.255.255.25 MemberB: 10.255.255.26
8. 10.255.255.28/30 MemberA: 10.255.255.29 MemberB: 10.255.255.30
9. 10.255.255.32/30 MemberA: 10.255.255.33 MemberB: 10.255.255.34
10. 10.255.255.36/30 MemberA: 10.255.255.37 MemberB: 10.255.255.38
Notes:
- Use a DEDICATED, non-routed VLAN/segment for Sync if possible.
- Ensure this subnet does NOT overlap anywhere else in your enterprise (not just on this gateway).
- Prefer /30 for 2-member clusters. Use /29 only if you truly need extra hosts.
[Expert@CP-FW-01:0]#
That script is probably useful for small networks. However, in large and enterprise environments, it's better to rely on IP address management solutions and potentially their APIs to identify available non-routed networks and free /30 subnets.
100%. I always use 169.254.x.x, so I'm trying to see how to modify the script to suggest broader non-routable subnets, rather than just what it gave me.
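One way to do what the last reply asks, as an added example rather than the thread's script (whose source is not shown here): walk any candidate pool, including 169.254.0.0/16, in /30 steps and skip blocks that overlap networks already in use. The function names and the `USED` list are assumptions, and the sample networks are constructed.

```shell
#!/bin/sh
# Added example: suggest free /30 sync subnets from any candidate pool.

ip2int() {  # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_bounds() {  # CIDR -> "first last" as integers, host bits cleared
  size=$(( 1 << (32 - ${1#*/}) ))
  base=$(( $(ip2int "${1%/*}") & ~(size - 1) ))
  echo "$base $(( base + size - 1 ))"
}

# suggest_sync COUNT POOL_CIDR USED_CIDR...
# Prints up to COUNT /30 blocks from the pool that overlap no used network.
suggest_sync() {
  want=$1; b=$(cidr_bounds "$2"); shift 2
  s=${b% *}; pool_end=${b#* }; found=0
  while [ $(( s + 3 )) -le "$pool_end" ] && [ "$found" -lt "$want" ]; do
    free=1
    for u in "$@"; do
      # Ignore the default route (it covers everything); treat bare hosts as /32.
      case $u in */0) continue ;; */*) ;; *) u=$u/32 ;; esac
      b=$(cidr_bounds "$u")
      # Two ranges overlap when each one starts before the other ends.
      if [ "$s" -le "${b#* }" ] && [ $(( s + 3 )) -ge "${b% *}" ]; then free=0; break; fi
    done
    if [ "$free" -eq 1 ]; then
      found=$(( found + 1 ))
      echo "$(int2ip "$s")/30 MemberA: $(int2ip $(( s + 1 ))) MemberB: $(int2ip $(( s + 2 )))"
    fi
    s=$(( s + 4 ))
  done
}

# Constructed sample of used networks (interfaces + routes), not the thread's lab.
USED="0.0.0.0/0 10.1.1.0/24 192.168.10.0/24 169.254.0.0/29 10.255.255.4/30 172.16.5.9"
for pool in 169.254.0.0/16 10.255.255.0/24; do
  echo "Pool $pool:"
  suggest_sync 3 "$pool" $USED
done
```

Because it only sees the networks passed in, feeding it an IPAM export rather than one gateway's interfaces and routes covers the enterprise-wide overlap point raised in the thread.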