Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
XBensemhoun
Employee
Employee
Jump to solution

Changing management interface when using pppoe

Hi all,

We have an issue preparing some of our Security Gateways: when we have to use pppoe‌.

For the context: we use to unset default configuration of Mgmt interface (192.168.1.1) and use the Internet interface as the management interface (> show management interface); so that host name (> show host names) of the firewall as to be the public IP address.

The issue is: we cannot change management interface for the pppoeX interface by this error message:

ourFirewall> set management interface pppoe1
MgmtErr9999  Interface "pppoe1" cannot be set as Management Interface. Management Interface must have an IP address

The configuration of the pppoe client id 1 is:

ourFirewall> show pppoe client id 1
        Client ID:1
        Client Name:pppoe1
        Client User Name:user@isp.blabla
        Client Password Hash:*************
        Client Interface:eth5
        Use Peer As Default Gateway:on
        Use Peer DNS:on
        Use Fake Peer Address:off
        Fake Peer Address:0.0.0.0
        Client Status:Connected 

For those who are not aware of such things :

  1. changing management interface (> set management interface ethX) will automatically adapt the host name entry of the firewall
  2. unset the Mgmt default configuration before changing the management interface will delete the hot name entry of the firewall ... and will cause the issue described in  'cpstart' command does not start Check Point services

Does anyone know such problematic ?

We use R77.30, last Jumbo HF

Information Security enthusiast, CISSP, CCSP
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion

I can tell you when you unset the management interface, with that delete the hostname entry in the hostfile, it is even worse, you can even be locked out of SSH as well.

If you have a fixed IP assigned to your pppoe interface just set your local hostname manually and forget to set the management interface after that, in other words do not do it!!

Regards, Maarten

View solution in original post

2 Replies
PhoneBoy
Admin
Admin

I imagine the management interface should have a fixed IP address, which PPPoE interfaces typically don't have (which is what the error suggests also).

0 Kudos
Maarten_Sjouw
Champion
Champion

I can tell you when you unset the management interface, with that delete the hostname entry in the hostfile, it is even worse, you can even be locked out of SSH as well.

If you have a fixed IP assigned to your pppoe interface just set your local hostname manually and forget to set the management interface after that, in other words do not do it!!

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events