Solved: Re: ClusterXL management changes

Matlu · ‎2023-06-01

Hello, team.

I currently have a couple of ClusterXLs, hooked up to an SMS.
All in version R81.10

I understand that the IPs that appear in the SmartConsole, are the management IPs, is that correct?

By decision and "reordering" of the client, the "management" IPs will be changed to those of the gateways.

What seems strange to me, is that for so long, they have been working with a VIRTUAL IP for each Cluster, which is a PUBLIC IP, and for the gateways as such, they have been working with private IPs.
I don't understand why.

To be able to do the process of changing the IPs of each cluster, it must be considered a "service interruption"?
Is it recommended to have a working window?

What is the order to change the IPs in the gateways?
Should the passive one be started first, then the active one?
At the end change it in the same SmartConsole?

Thanks for your comments.

PhoneBoy · ‎2023-06-01

The "management" IP is the IP that's listed in the General tab of the relevant gateway object (also called the Main IP).
A Cluster IP can be on a different subnet from the gateway's configured interfaces, which is a useful feature: https://support.checkpoint.com/results/sk/sk32073

Generally, changing IP addresses of a gateway or cluster should be done in a maintenance window.
Make the OS level changes first, then make the changes in SmartConsole.
Similar to: https://support.checkpoint.com/results/sk/sk62024

View solution in original post

PhoneBoy · ‎2023-06-01

The "management" IP is the IP that's listed in the General tab of the relevant gateway object (also called the Main IP).
A Cluster IP can be on a different subnet from the gateway's configured interfaces, which is a useful feature: https://support.checkpoint.com/results/sk/sk32073

Generally, changing IP addresses of a gateway or cluster should be done in a maintenance window.
Make the OS level changes first, then make the changes in SmartConsole.
Similar to: https://support.checkpoint.com/results/sk/sk62024

Matlu · ‎2023-06-02

Sorry,

By "start on each operating system", they mean start on each ClusterXL gateway, correct?

Does the order matter?

Or is it better to start by changing the management IPs, always by the passive member, and then the active one?

Or is it indifferent?

Regards.

the_rock · ‎2023-06-02

Hey bro,

Im fairly sure what it implies is to do changes on OS level first (meaning Gaia clish or web UI) and then app level (ie smart console object topology). I always do everything first on standby, then master and that works well.

Cheers,

Andy

Matlu · ‎2023-06-02

For this type of activity (Change the management IP of each GW, of ClusterXL), there is no need to "break" the ClusterXL during the "Maintenance Window", right?

Thanks for your time, and sorry for the "silly" doubts. 🙂

the_rock · ‎2023-06-02

No, you dont need to break the cluster, but to be 100% safe, maybe better to do off hours.

Andy

Matlu · ‎2023-06-02

It is better to always keep the criterion of doing it in a "working window", but knowing that it is not necessary to break the ClusterXL.
Just as a "precautionary" measure, right?

Thanks, bro.

the_rock · ‎2023-06-02

Thats my mentality as well, correct.

Andy

the_rock · ‎2023-06-02

Never be sorry about asking any questions mate...regardless of some people thinking question may sound silly or stupid, if answer will save you headache down the road, then everyone wins.

Andy

the_rock · ‎2023-06-01

You got perfect answer from @PhoneBoy , thats exactly how you would do the order, as per 2nd sk he provided.

Good luck bro!

Andy

Are you a member of CheckMates?

ClusterXL management changes