This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Giga_Yang
Explorer
‎2022-05-13 04:30 PM

Checkpoint MAC learning problem

Dear All,

After we  add a new trunk between Checkpoint Firewall and a Cisco L2 switch.

We found Check Point could not learn this VLAN Device MAC at ARP.  The Check Point OS version is GAIA R80.40.

How we resolve this problem.

Thanks for a lot.

0 Kudos
9 Replies
Chris_Atkinson
Employee
Employee
‎2022-05-13 08:42 PM

Can you please share more detail of the environment - Is the gateway (appliance model?) configured as a standard cluster or for VSX and what JHF is applied?

How is the trunk port configured on the Cisco, is it also a bond?

0 Kudos
Giga_Yang
Explorer
‎2022-05-14 01:37 PM
In response to Chris_Atkinson

Hi Chris,

1. No VSX, only HA.

2. The gateway is 16200.

3. The GAiA OS is R80.40 with JFH Take 118.

4. The trunk is use interface bond.

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-05-14 06:48 PM
In response to Giga_Yang

LACP is used for the bond on both sides and cabling has been verified?

Please share the output of:

[Expert@HostName:0]# cat /proc/net/bonding/bondX

 

Note: Updating to a recent JHF is also recommended where possible.

0 Kudos
Giga_Yang
Explorer
‎2022-05-14 08:18 PM
In response to Chris_Atkinson

Hi Sir,

Others VLAN trunk was normally, but when we create a new. We see this problem.

I will try to output cat /proc/net/bonding/bondX for you.

0 Kudos
Giga_Yang
Explorer
‎2022-05-14 08:34 PM
In response to Giga_Yang

But we can see gateway interface Mac on local device. Why we can not see  local device's Mac on gateway.

 

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-05-14 10:04 PM
In response to Giga_Yang

Are you on the active or standby gateway and what do you see in the ARP table if you do a broadcast ping or similar?

0 Kudos
Giga_Yang
Explorer
‎2022-05-15 12:09 AM
In response to Chris_Atkinson

Hi Chris,

We can ping local device from firewall. But not see Mac at ARP.

But other VLAN trunk is normally,

0 Kudos
Giga_Yang
Explorer
‎2022-05-15 12:14 AM
In response to Giga_Yang

Hi Chris,

Should we turn off/on the VLAN interface on gateway? If it will not  influence other VLAN traffic.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-05-16 12:06 AM
In response to Giga_Yang

I would suggest to contact TAC !

CCSE CCTE SMB Specialist
0 Kudos