This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2025-04-03 04:54 PM

Error with Policy Installation.

Hello,


I am having problems with the installation of a GW policy.
I have many VLANs created that I have pulled into the SmartConsole through the "Get Interfaces Without Topology" option
All the VLANs that are tied to the eth1-01.X interface should be in an "External" mode and the ones that are tied to the eth1-02.X should be as "Internal" mode
None of the VLANs should have IP because they are interfaces that are working in bridge mode.

F1.png

F2.pngF3.png

Could someone tell me why I am getting an error when installing policies, and how can I correct it?

Thank you.

0 Kudos
9 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-04-03 05:00 PM

I would not be too worried myself about the warings, that can be fixed easily, but error shows topology is not defined for eth1-02.1069. Can you make sure topology is set right for it and then try again?

Andy

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2025-04-04 06:23 AM
In response to the_rock

Hi,

I just want to understand that 'Topology' should be configured on the VLANs that are actually tied to the Eth1-1 and Eth1-2 interfaces that are part of a BRIDGE interface.

The interfaces that appear in the Network Managament of a device, could they be left as ‘Undefined’?
Or do you always have to define a topology?

Thank you.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-04 06:26 AM
In response to Matlu

I can only speak for myself, but I can tell you that EVERY time I ever had issue with topology, IF get interfaces without topology fails, I simply fix whatever its complaining there and no issues afterwards. I mean, goes without saying that topology should be set as per interface settings, so traffic intended to come to it or leave from it, does not end up somewhere else.

Makes sense?

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-04 04:05 PM
In response to Matlu

Hey bro, any luck with this?

Andy

Best,
Andy
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-04-05 02:47 AM

In the error it refers to interface eth1-02.1069

Is Anti-Spoofing enabled on that interface? If it is, either define the topology to disable it.

Matlu
MVP Silver
MVP Silver
‎2025-04-05 06:16 AM
In response to Tal_Paz-Fridman

Hi,

I solved it by clicking on the 'Get interfaces with topology' option

Following this solution, I have a couple of questions.

1. What is the criteria that Check Point uses to ‘define’ if an Interface is ‘EXTERNAL’ or ‘Internal’?

How does the device know which of the topology options corresponds to an Interface?

2. When you have a disconnected Interface and you create new VLANs that are 'tied' to that Interface, when you get the interfaces from the SmartConsole and install policies, is it normal that these new interfaces do not appear visibly in the SmartConsole?

Is it necessary that the network cable is connected and available to be able to see these new VLANs?

Greetings.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-05 06:46 AM
In response to Matlu

What does that interface show now? Can you send a screenshot?

Andy

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2025-04-05 09:20 AM
In response to the_rock

Hello.

The VLAN is already created from the WebUI.

I have pulled the topology with the “Get interfaces With Topology” topology, but for example, the VLAN 1149 that was created from the WebUI, does not appear in the SmartConsole list.

V1.pngV2.png

Could this be because the VLANs were created after the interfaces were physically disconnected?
Currently the physical interfaces are disconnected.

If I reconnect them, should I see the VLAN from the SmartConsole point of view?

Cheers.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-05 09:54 AM
In response to Matlu

Yes, you should, because smart console object would simply "fetch" whats configured on the OS level.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events