This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
snf
Participant
‎2022-11-18 04:57 AM
Jump to solution

ClusterXL - Local probing problem after adding new VLAN

Hi!

I have 2xCheck Point 6400 Plus clustered and fail to add a new VLAN to an interface.

8 VLANs on that interface are working normally.

I followed the steps in this article sk57100.

I can ping the Box-IPs and the Virutal Interface IP from my client, but in the shell:

'cphaprob -a if' shows 'eth2.40 (P) Status DOWN' on both boxes.
The new VLAN has the highest ID, is monitored and so in SmartConsole I see:

Error: Refer to the Notification and Interfaces tables for information about the problem.

In Notification Table I see 'Local Probing - problem'


I checked article sk171844 and noticed that there is no (!) CCP traffic on that interface.
tcpdump -i eth2.40 port 8116 -> nothing

Why are interfaces DOWN and how can I bring them UP? In Gaia Portal the Link Status is 'Up' and I can ping the interface-IPs as mentioned before. In shell 'set interface IF_NAME state on' or 'ifconfig IF_NAME up' did not help.

Thanks for any ideas 🙂

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2022-11-20 04:46 AM
In response to snf
Jump to solution

Are you sure you configured VLAN for this interface correctly on the adjacent switches? If the answer is yes, please open a TAC case. This should work out of the box, with the steps above.


View solution in original post

the_rock
MVP Diamond
MVP Diamond
‎2022-11-20 05:50 AM
Jump to solution

Actually @snf , @_Val_ brings up very good point about the switch. Im just making an educated guess here obviously, since I know nothing about your network, but I had customer with similar issue and after weeks of checking and TAC case, it actually turned out to be their switch that was the problem. I checked the email they sent about this to me back few months ago, but all it said was that there was VLAN misconfiguration on the switch and once that was fixed, all worked fine.

Happy to do remote and check this for you...NOT saying it is the switch, but definitely worth verifying everything.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

8 Replies
_Val_
Admin
Admin
‎2022-11-18 06:55 AM
Jump to solution

Make sure you have defined this interface in the cluster objects and pushed the policy.

0 Kudos
snf
Participant
‎2022-11-18 08:26 AM
In response to _Val_
Jump to solution

Hi!

Thanks for you reply.

Just for completeness of information - I am running on R81.10.

Yes, I also definded the interface and published the policy as it is described in article sk57100

  1. Perform these steps in SmartConsole:

    1. Open Cluster object properties.

    2. Go to 'Network Management' pane - click on 'Get Interfaces' and select 'Get Interfaces Without Topology'

    3. Configure the Network Objective for the new interface, as well as the security zone and address spoofing settings.

    4. Configure the Virtual IP address the new interface, if needed.

    5. Click on 'OK' to apply the changes.

    6. Install relevant policy onto the cluster object.

 

Actually, this is the moment where the error starts. So, just adding the interfaces on the boxes - no error, but as soon as I define the interface in the cluster, the behaviour starts.

BR

0 Kudos
_Val_
Admin
Admin
‎2022-11-20 04:46 AM
In response to snf
Jump to solution

Are you sure you configured VLAN for this interface correctly on the adjacent switches? If the answer is yes, please open a TAC case. This should work out of the box, with the steps above.


snf
Participant
‎2022-11-21 01:08 AM
In response to _Val_
Jump to solution

Thanks for leading me in the right direction. Indeed I missed to add the new VLAN to one of the interfaces.

0 Kudos
_Val_
Admin
Admin
‎2022-11-21 01:39 AM
In response to snf
Jump to solution

Happy to hear it is resolved for you

0 Kudos
_Val_
Admin
Admin
‎2022-11-20 04:49 AM
In response to snf
Jump to solution

Also, did you reboot your FWs after adding a VLAN?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-11-20 05:50 AM
Jump to solution

Actually @snf , @_Val_ brings up very good point about the switch. Im just making an educated guess here obviously, since I know nothing about your network, but I had customer with similar issue and after weeks of checking and TAC case, it actually turned out to be their switch that was the problem. I checked the email they sent about this to me back few months ago, but all it said was that there was VLAN misconfiguration on the switch and once that was fixed, all worked fine.

Happy to do remote and check this for you...NOT saying it is the switch, but definitely worth verifying everything.

Best,
Andy
"Have a great day and if its not, change it"
snf
Participant
‎2022-11-21 01:09 AM
In response to the_rock
Jump to solution

Thanks for leading me in the right direction. Indeed I missed to add the new VLAN to one of the interfaces.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events