- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
What precautions need to take before removing bond interface?
Remove bond interface from gateway and remove it from management server?
need to install the policy.
Any other steps need to take care?
Please suggest
Regardless of which interface, steps to take are:
1) Remove from OS level (web UI or clish)
2) Update topology in smart console gateway object
3) Install policy
4) Verify all still works
Andy
If we performed the get interface without topology thus affect anything?
Make sure to do get interfaces WITHOUT topology. If you do WITH, it will reset your current settings.
Cheers,
Andy
Of note: removing the bond from the OS level requires removing the member interfaces from the bond. I would also do that step last. You really should not delete an interface which the firewall software still knows about. It can cause all kinds of weird traffic problems.
Thats true, good point, it does require removing member interfaces, thank you for pointing that out. But, even TAC would suggest to remove it from OS level first, then topology...at least thats how they always did it in the past.
Andy
If someone in the TAC suggested that order to me, I would request the call be transferred to somebody else.
When adding an interface, you must add at the OS level first, then the application level.
When removing an interface, you should tell the application to stop using the interface before you tell the OS to stop providing the interface to be used. While in most circumstances you can do it in the other order (remove from OS first, remove from application second), that leaves the application trying to use something which doesn't exist. The best case situation for that is cluster failovers when a monitored interface goes down. It could easily result in flapping or a hard outage if combined with other interface problems or cluster monitoring problems.
It's like using a cable for cluster sync: technically supported, but a bad idea which will cause problems sooner or later.
Respectfully, I would disagree. I had done it the way TAC suggested many times before and never had a problem. If you think about it, all smart console would do is really get information based on whats configured on OS level, so to me, makes total sense to do it same way when adding OR removing the interface.
Andy
Think about it with VSX. If you remove the bond from the OS level first, then you try to remove it from your VSX object, provisioning will fail.
Im sure you know VSX way better than I do, so Im positive thats correct. As far as regular gateways, I always done it how TAC suggests and never had a problem.
Just my experience...
Andy
I have removed the bond interface and performed the fetch without topology. after activity i can seen that topology is undefined.
So we need to manually edit the same. I have took screenshot before activity.?
Yes, please send a screenshot indicating the settings.
Andy
As long as interface is not part of OS, then topology should reflect that, for sure.
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
18 | |
12 | |
6 | |
6 | |
6 | |
5 | |
4 | |
4 | |
4 | |
4 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY