This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Steve_Pearson
Collaborator
‎2025-02-03 08:23 AM

Gateway replacement issue

I was attempting to replace a pair of old 5800's with a new pair of 9100's over the weekend but hit a strange problem (well 2 actually)

I had a fairly small windows to do this so ahead of time a built the 2 new gateways offline. Standard stuff, booted, installed, first time wizard, latest updates etc, then I configured each with their settings accordingly, these were an exact match for the current pair of gateways. Both gateways were fine, IP's all correct etc.

So, on the day, I shut down FW2, swapped the cabled to new FW2 (all but the LAN bod cables as the new one is 10Gb so different cables), opened management, changed cluster to 9100, established SIC to FW2, all good. Then I moved on to FW1, this time it was not shut down, the cables were swapped (again except LAN bond) and started it up. Initially I couldn't ping it, realised that both old and new connected with same IP, so shut down old then rebooted new via console connection, after which it would ping fine both in and out.

Back to management, and established SIC to FW1, again all good. Final step, get interfaces without topology, which it did without error but left the Sync interface topology column as "undefined" - See attached screenshot. Whilst I know the wasn't right I though i'd push the policy and look at this afterwards, however the policy failed to push, referring to a topology error on FW1 - see attached screenshot.

I know the interfaces were configured correctly, but to double check I went to Gaia on FW1 but it would not connect, error was connection refused. I know this was working a couple of weeks ago, so i'm not sure what could have happened to it. Tried to ssh to the box, again no response, yet from the console cli all looked good and it would ping in and out. Tried a reboot, but still the same.

Unfortunately I ran out of time and had to put the old boxes back online and roll back the snapshot on the management server, so I can't troubleshoot this as a whole, but I have console access to the new box and access to the management port, although I can't connect to the Gaia still at this point and I was wondering if anyone may be able to shed some light onto what may have happened here?

My gut feeling is to factory reset it and rebuild it, but i'd to try to find out what's happened for future reference. (I have some time before I can get another maintenance window)

I have console access to the new box and access to the management port, although I can't connect to the Gaia still at this point.

Preview file
33 KB
Preview file
46 KB
0 Kudos
4 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-02-03 08:43 AM

I have working cluster lab, so happy to do remote and see if I can help. Let me know.

Andy

Best,
Andy
0 Kudos
Steve_Pearson
Collaborator
‎2025-02-04 05:05 AM
In response to the_rock

Hi Andy,

That would be great thanks, I'd be interested to see if you can see any reason for the issue.

Let me see if I can get a session arranged, where are you time zone wise? (I'm in the UK on GMT)

 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-02-04 04:45 AM

Did you try "fw unloadlocal" on the affected node then fixing the topology and reinstall policy?

CCSM R77/R80/ELITE
0 Kudos
Steve_Pearson
Collaborator
‎2025-02-04 05:01 AM
In response to Chris_Atkinson

I did yes, but it didn't help

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events