This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Giga_Yang
Participant
‎2022-05-13 04:30 PM

Checkpoint MAC learning problem

Dear All,

After we  add a new trunk between Checkpoint Firewall and a Cisco L2 switch.

We found Check Point could not learn this VLAN Device MAC at ARP.  The Check Point OS version is GAIA R80.40.

How we resolve this problem.

Thanks for a lot.

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-05-13 08:42 PM

Can you please share more detail of the environment - Is the gateway (appliance model?) configured as a standard cluster or for VSX and what JHF is applied?

How is the trunk port configured on the Cisco, is it also a bond?

CCSM R77/R80/ELITE
0 Kudos
Giga_Yang
Participant
‎2022-05-14 01:37 PM
In response to Chris_Atkinson

Hi Chris,

1. No VSX, only HA.

2. The gateway is 16200.

3. The GAiA OS is R80.40 with JFH Take 118.

4. The trunk is use interface bond.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-05-14 06:48 PM
In response to Giga_Yang

LACP is used for the bond on both sides and cabling has been verified?

Please share the output of:

[Expert@HostName:0]# cat /proc/net/bonding/bondX

 

Note: Updating to a recent JHF is also recommended where possible.

CCSM R77/R80/ELITE
0 Kudos
Giga_Yang
Participant
‎2022-05-14 08:18 PM
In response to Chris_Atkinson

Hi Sir,

Others VLAN trunk was normally, but when we create a new. We see this problem.

I will try to output cat /proc/net/bonding/bondX for you.

0 Kudos
Giga_Yang
Participant
‎2022-05-14 08:34 PM
In response to Giga_Yang

But we can see gateway interface Mac on local device. Why we can not see  local device's Mac on gateway.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-05-14 10:04 PM
In response to Giga_Yang

Are you on the active or standby gateway and what do you see in the ARP table if you do a broadcast ping or similar?

CCSM R77/R80/ELITE
0 Kudos
Giga_Yang
Participant
‎2022-05-15 12:09 AM
In response to Chris_Atkinson

Hi Chris,

We can ping local device from firewall. But not see Mac at ARP.

But other VLAN trunk is normally,

0 Kudos
Giga_Yang
Participant
‎2022-05-15 12:14 AM
In response to Giga_Yang

Hi Chris,

Should we turn off/on the VLAN interface on gateway? If it will not  influence other VLAN traffic.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-05-16 12:06 AM
In response to Giga_Yang

I would suggest to contact TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top