Error with Policy Installation.

Matlu · ‎2025-04-03

Hello,

I am having problems with the installation of a GW policy.
I have many VLANs created that I have pulled into the SmartConsole through the "Get Interfaces Without Topology" option
All the VLANs that are tied to the eth1-01.X interface should be in an "External" mode and the ones that are tied to the eth1-02.X should be as "Internal" mode
None of the VLANs should have IP because they are interfaces that are working in bridge mode.

Could someone tell me why I am getting an error when installing policies, and how can I correct it?

Thank you.

the_rock · ‎2025-04-03

I would not be too worried myself about the warings, that can be fixed easily, but error shows topology is not defined for eth1-02.1069. Can you make sure topology is set right for it and then try again?

Andy

Matlu · ‎2025-04-04

Hi,

I just want to understand that 'Topology' should be configured on the VLANs that are actually tied to the Eth1-1 and Eth1-2 interfaces that are part of a BRIDGE interface.

The interfaces that appear in the Network Managament of a device, could they be left as ‘Undefined’?
Or do you always have to define a topology?

Thank you.

the_rock · ‎2025-04-04

I can only speak for myself, but I can tell you that EVERY time I ever had issue with topology, IF get interfaces without topology fails, I simply fix whatever its complaining there and no issues afterwards. I mean, goes without saying that topology should be set as per interface settings, so traffic intended to come to it or leave from it, does not end up somewhere else.

Makes sense?

Andy

the_rock · ‎2025-04-04

Hey bro, any luck with this?

Andy

Tal_Paz-Fridman · ‎2025-04-05

In the error it refers to interface eth1-02.1069

Is Anti-Spoofing enabled on that interface? If it is, either define the topology to disable it.

Matlu · ‎2025-04-05

Hi,

I solved it by clicking on the 'Get interfaces with topology' option

Following this solution, I have a couple of questions.

1. What is the criteria that Check Point uses to ‘define’ if an Interface is ‘EXTERNAL’ or ‘Internal’?

How does the device know which of the topology options corresponds to an Interface?

2. When you have a disconnected Interface and you create new VLANs that are 'tied' to that Interface, when you get the interfaces from the SmartConsole and install policies, is it normal that these new interfaces do not appear visibly in the SmartConsole?

Is it necessary that the network cable is connected and available to be able to see these new VLANs?

Greetings.

the_rock · ‎2025-04-05

What does that interface show now? Can you send a screenshot?

Andy

Matlu · ‎2025-04-05

Hello.

The VLAN is already created from the WebUI.

I have pulled the topology with the “Get interfaces With Topology” topology, but for example, the VLAN 1149 that was created from the WebUI, does not appear in the SmartConsole list.

Could this be because the VLANs were created after the interfaces were physically disconnected?
Currently the physical interfaces are disconnected.

If I reconnect them, should I see the VLAN from the SmartConsole point of view?

Cheers.

the_rock · ‎2025-04-05

Yes, you should, because smart console object would simply "fetch" whats configured on the OS level.

Andy

Are you a member of CheckMates?

Error with Policy Installation.