- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Harmony Mobile 4:
New Version, New Capabilities
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi Experts,
We're planning to add a VLAN Interface into the firewall cluster (R77.30) and the Smart console version is R80.30
Have gone through SK57100 which says 'maintenance window' is required and it may cause an outage when fetching the topology.
While the article sk118518 says it can be done without fetching the topology and the plan is:-
To create a VLAN interface on both the firewalls via Gaia portal
Smart console -> Create a new Interface with 'cluster'
Create the interface with VIP address and click on Modify -> Enter the gateway members interface IP addresses of both the firewalls
Enable Anti-Spoofing
Save and install the policy.
With this option, believe anti-spoofing isn't overridden for other interfaces or no topology/routing changes will be made.
Is this correct way to do or can you please suggest the best way to achieve this without any outage or failover.
Thanks,
What you described should work totally ok. Wether to do manual spoofing or fetch topology automatically is a personal choice. We use automated option and never really had any problems. No interruptions or failovers during configuration. I just find manual prone to errors if you have high number of interfaces and routes.
Hi Kaspars,
Thanks for the reply.
Hope by adding this, new interfaces will be reported when the "cphaprob -a if" issued.
Also, can you please suggest what rollback option should be followed to minimize the outage (if something goes wrong)? Just by reverting the installation history or by reverting the snapshot.
Thanks.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY