This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
-K-
Contributor
‎2021-03-08 01:36 AM
Jump to solution

Checkpoint VSX platform - Connectivity issue

Hi All,

I am new to Checkpoint VSX environment and trying to build a lab as attached in screenshot.

However trying to reach from source (172.16.10.10) to destination (192.168.10.10) but facing a connectivty issue.

Here are some details :

1) Using VSX Cluster (which is up and running  so far "Active/Standby status with cphaprob stat -No VLSL configured)

2) Ethernet 2 is used as "Inside network" and configured as VLAN Trunk 

3) Ethernet 3 is used as "Outside Network" and on VS1 used as Wraplink (shared interface) (ip: 192.168.0.0/16)

4) Any specific things from routing point of view or configuration point of view missing?

(attached lab design / VSX Cluster topology / VS1 topology)

Let me know someone can guide through.

Outcome :

1) From Inside PC (172.16.10.10) able to reach to Gateway which is on L3 Switch (vlan 10) 172.16.10.1

2) Not able to reach 172.16.10.50   which is configured on VS1 (eth2.10)

3) Not able to reach 192.168.0.2  /16 (which is on VSX Gateway as wrp link ip) 

Do i need to configure Proxy ARP or something as looks like a routing issue.

Somebody can share expert view on it.

@Danny @Timothy_Hall @HeikoAnkenbrand @G_W_Albrecht 

Preview file
100 KB
Preview file
45 KB
Preview file
116 KB
Preview file
130 KB
0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2021-03-10 02:10 AM
Jump to solution

First of all, why did you configure any static routes on VS0? It should only have route to MGMT network for control. VS0 should not receive and forward any traffic other than control connections from you MGMT server. 


Secondly, on VS1 itself you have configured VS0 as default GW. That is wrong. 

Also, why do you need a virtual switch, if you only have a single VS? 

View solution in original post

0 Kudos
-K-
Contributor
‎2021-03-10 06:03 AM
In response to _Val_
Jump to solution

Many thanks for your review.

Yes i recognized and i have removed the virtual switch as i realize that Virtual switch is used only for communication between VSS and to send the traffic otuside.

Configured without Virtual Switch and it works as expected.

Thanks for pointing this out.

View solution in original post

0 Kudos
2 Replies
_Val_
Admin
Admin
‎2021-03-10 02:10 AM
Jump to solution

First of all, why did you configure any static routes on VS0? It should only have route to MGMT network for control. VS0 should not receive and forward any traffic other than control connections from you MGMT server. 


Secondly, on VS1 itself you have configured VS0 as default GW. That is wrong. 

Also, why do you need a virtual switch, if you only have a single VS? 

0 Kudos
-K-
Contributor
‎2021-03-10 06:03 AM
In response to _Val_
Jump to solution

Many thanks for your review.

Yes i recognized and i have removed the virtual switch as i realize that Virtual switch is used only for communication between VSS and to send the traffic otuside.

Configured without Virtual Switch and it works as expected.

Thanks for pointing this out.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events