Migration to ClusterXL with alias interface

okatsladz454

Good afternoon.

The client has an NGFW of an unknown vendor that supports alias interfaces based on cluster technology

The external addresses look like this:

eth0

eth0:1 1.1.1.1/26 (VIP)

eth0:1 1.1.1.2/26 (Node1)

eth0:1 1.1.1.3/26 (Node2)

eth0:2 1.1.1.4/26 (VIP)

eth0:2 1.1.1.5/26 (Node1)

eth0:2 1.1.1.6/26 (Node2)

and etc

Users access resources at addresses 1.1.1.1, 1.1.1.3, 1.1.1.7 and so on.

Aliases cannot be transferred due to restrictions. The separation of the vlans will not work due to the inability to use the same address space on several vilan interfaces

I've been racking my brain on how to transfer this to CheckPoint.

Do you have any ideas?

Thanks

Chris_Atkinson

Routing and NAT but there may not be enough information here to say this would work conclusively for you.

Basically separate the subnets used for connectivity versus the addresses offering / publishing services.

CCSM R77/R80/ELITE

PhoneBoy

As you are probably aware, ClusterXL does not support interface aliases.
However, ElasticXL (in R82) does support aliases.

A network diagram will go a long way towards helping you solve this issue, as will a detailed explanation of why interfaces aliases are "needed."

Alex-

You can create Proxy ARP for this instead of interfaces probably.

You create eth0 as Cluster interface with 1.1.1.1 as ClusterXL IP and whatever for physical IP of each cluster member, if you still have free IP in the /26 otherwise use private IP with local-scope, there is an SK for that.

You can then add on each cluster member Proxy ARP matching eth0 for the physical address which will make it that ETH0 will answer for 1.1.1.1, 1.1.1.2 and so on, on the active member.

Are you a member of CheckMates?

Migration to ClusterXL with alias interface