It's Here!
CPX 360 2021 Content
Check Point Harmony
Highest Level of Security for Remote Users
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
Advanced Protection for
Small and Medium Business
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Forrester Study Finds
CloudGuard Generates 169% ROI
Hi Experts,
We're planning to add a VLAN Interface into the firewall cluster (R77.30) and the Smart console version is R80.30
Have gone through SK57100 which says 'maintenance window' is required and it may cause an outage when fetching the topology.
While the article sk118518 says it can be done without fetching the topology and the plan is:-
To create a VLAN interface on both the firewalls via Gaia portal
Smart console -> Create a new Interface with 'cluster'
Create the interface with VIP address and click on Modify -> Enter the gateway members interface IP addresses of both the firewalls
Enable Anti-Spoofing
Save and install the policy.
With this option, believe anti-spoofing isn't overridden for other interfaces or no topology/routing changes will be made.
Is this correct way to do or can you please suggest the best way to achieve this without any outage or failover.
Thanks,
Kaspars_Zibarts
What you described should work totally ok. Wether to do manual spoofing or fetch topology automatically is a personal choice. We use automated option and never really had any problems. No interruptions or failovers during configuration. I just find manual prone to errors if you have high number of interfaces and routes.
Hi Kaspars,
Thanks for the reply.
Hope by adding this, new interfaces will be reported when the "cphaprob -a if" issued.
Also, can you please suggest what rollback option should be followed to minimize the outage (if something goes wrong)? Just by reverting the installation history or by reverting the snapshot.
Thanks.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY