This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
The-generalist
Participant
‎2019-03-22 01:24 AM
Jump to solution

Migrate to 10Gb interface

Hi, 

I'm about to move a Checkpoint 15k cluster from the current 1Gb interfaces to new 10Gb interfaces.

There are clans created on the 1Gb interfaces and I have to remove those and create the same vlan interfaces on the new 10Gb interfaces.

Have anyone done this before? 

What steps are included in this change?

2 Solutions

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2019-03-22 12:05 PM
Jump to solution

Easiest is this way, there will be a minor glitch on failover nr 1:

  • copy the interface lines from show configuration interface and adjust inthe following way:
    • on the old interface issuing delete interface eth1-03 vlan 25 will delete vlan 25 and all the config from it.
    • add the vlan's to the new interface by adjusting the old commands setting the correct interface
    • Copy and adjust the set interface ipv4-address commands
    • double check those commands make sure to also copy and adjust the set interface state on commands
  • on standby member run cphastop to disable clustering
  • paste the delete vlan commands
  • paste the add vlan and set IP address commands
  • now update the interfaces of the backup member in the cluster object, the member interfaces are set in the Advanced tab of the cluster interface configuration
  • push policy
  • run cphastart on the backup member
  • flip the cluster over to the backup member ( this could give a dip in the connections
  • now repeat the above steps for the other member

Good luck and be aware to plan this in a maintenance window, easier to tell everyone this will caus 15 minutes downtime and be done in 1 minute than the other way around.

Regards, Maarten

View solution in original post

HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-22 01:30 PM
Jump to solution

Or a quick and dirty hack:

1) Change the PCI bus ID's and the interfaces in the following file

/etc/udev/rules.d/00-OS-XX.rules

Now replace the 1 GB Interfaces with the 10 GB Interfaces.

2)  Reboot the appliance

Attention!
You make sure that the file is adjusted during the next update for example from R77.30 to R80.20.

 

 

 

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

7 Replies
Maarten_Sjouw
Champion
Champion
‎2019-03-22 12:05 PM
Jump to solution

Easiest is this way, there will be a minor glitch on failover nr 1:

  • copy the interface lines from show configuration interface and adjust inthe following way:
    • on the old interface issuing delete interface eth1-03 vlan 25 will delete vlan 25 and all the config from it.
    • add the vlan's to the new interface by adjusting the old commands setting the correct interface
    • Copy and adjust the set interface ipv4-address commands
    • double check those commands make sure to also copy and adjust the set interface state on commands
  • on standby member run cphastop to disable clustering
  • paste the delete vlan commands
  • paste the add vlan and set IP address commands
  • now update the interfaces of the backup member in the cluster object, the member interfaces are set in the Advanced tab of the cluster interface configuration
  • push policy
  • run cphastart on the backup member
  • flip the cluster over to the backup member ( this could give a dip in the connections
  • now repeat the above steps for the other member

Good luck and be aware to plan this in a maintenance window, easier to tell everyone this will caus 15 minutes downtime and be done in 1 minute than the other way around.

Regards, Maarten
The-generalist
Participant
‎2019-03-25 05:06 AM
In response to Maarten_Sjouw
Jump to solution

That is awesome! 

A big thanks to you 🙂

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-22 01:30 PM
Jump to solution

Or a quick and dirty hack:

1) Change the PCI bus ID's and the interfaces in the following file

/etc/udev/rules.d/00-OS-XX.rules

Now replace the 1 GB Interfaces with the 10 GB Interfaces.

2)  Reboot the appliance

Attention!
You make sure that the file is adjusted during the next update for example from R77.30 to R80.20.

 

 

 

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion
‎2019-03-22 01:37 PM
In response to HeikoAnkenbrand
Jump to solution

Please note that performance tuning is necessary for a 10 GBit/s interface.

For example multi-queueing and other tuning options.

More see here:

R80.x Performance Tuning Tip – Multi Queue


Regards

Heiko

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
The-generalist
Participant
‎2019-03-25 05:08 AM
In response to HeikoAnkenbrand
Jump to solution

Thanks for your answer!

So you mean that after switching interfaces I need to tune GAIA for 10Gb?

We're currently on R77.30 but we're soon going to upgrade to R80.20.

abihsot__
Advisor
‎2020-02-13 08:00 AM
In response to The-generalist
Jump to solution

Sorry for bringing up the old thread. First of all, how was the migration?

I wanted to clarify why would you expect a dip in connections? Is clusterXL should not handle such situation?

0 Kudos
carbonblack
Explorer
‎2020-02-13 12:29 PM
Jump to solution

Is a very simple solution to edit the file:

/etc/udev/rules.d/00-OS-XX.rules

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top