This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christian_Koehl
Collaborator
Collaborator
‎2019-10-15 06:24 AM

Remove interface from VSX systems.

Dear CheckMates,

I have running a VSX Cluster with VSLS with some bond interfaces in version R80.20. A couple of VLANs were added to bond1 and in each of my VS systems one of this bond1 VLAN interfaces is used.

Now, the bond1 needs to be remove.
Therefore, I have deleted the bond1 VLAN interface in every VS and installed the policy within that VS.

 

A "show configuration" still shows the configuration for all the bond1 VLAN interfaces.
"vsx_utill show_interfaces" did't show them.


How to remove the configuration for the bond1 interface completly?

Best regards,
Christian

12 Replies
Maarten_Sjouw
Champion
Champion
‎2019-10-15 06:42 AM

Did you push the policy after you removed the VLAN interfaces? It really sounds like you did not.
Regards, Maarten
mdjmcnally
Advisor
‎2019-10-15 07:25 AM

Did you select to remove Bond1 from Physical Interfaces on the actual VSX Cluster Object and then install the Policy to the VSX Cluster itself.

I believe that afterwards will have to SSH to the box

set vsx off

delete bonding group bond1

set vsx on

Make Sure install policies afterwards

Should remove the bond1 from the VSX Cluster and then remove the bond from the VSX box.

0 Kudos
Christian_Koehl
Collaborator
Collaborator
‎2019-10-15 10:36 AM
In response to mdjmcnally

I have installed the policy. It tooks me some time, as I have done this in about 9 different Domains / for 9 different gateways....

 

This steps, as requested, I will do the next time, when I am at the customer.

   set vsx off
   delete bonding group bond1
   set vsx on

 

Thanks to all for your help,

Christian

0 Kudos
Christian_Koehl
Collaborator
Collaborator
‎2019-11-04 01:14 AM
In response to Christian_Koehl

Hi folks,

Sorry for not updating this post earlier.

I run the command "set vsx off" and tried to delete the bond, but it still fails with the error-message "This interface is used by the Dynamic Routing Protocol: Static Routes. Cannot delete the selected interface."

interface.jpg

Any ideas?

Best regards,

Christian

 

 
Maarten_Sjouw
Champion
Champion
‎2019-11-04 01:43 AM
In response to Christian_Koehl

you need to remove any IP if still there on the interface.
Regards, Maarten
0 Kudos
Christian_Koehl
Collaborator
Collaborator
‎2019-11-04 02:14 AM
In response to Maarten_Sjouw

Hi Maarten,

in the screenshot you can see in the background, the IP for bond1.4031 is deleted, but I still can't delete the VLAN interface itself.

Best regards,

Christian

0 Kudos
mdjmcnally
Advisor
‎2019-11-04 03:43 AM
In response to Christian_Koehl

How are you trying to delete the vlan interface?

 

 

I ask as the WebUI which I am guessing is being run AFTER running the set vsx off as VSX doesn't have the WebUI enabled is showing interfaces with IP from the VSX Network.

 

You won't be able to delete the bond1 until all of those sub-interfaces are removed.

I would expect that they are deleted in the SmartConsole for the VS that they are created in and then after the topology updates then says to install the security policy.

 

You said that did this but is contradicted by seeing the vlan interfaces exist in the WebUI which to access would need to have the VSX turned off.

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-11-04 04:05 AM
In response to Christian_Koehl

Are you trying to remove the BOND interface or only a VLAN?
You will not be able to see all information from VSX in the GUI.
As Hugo says get the info from the Show configuration to see what is going on.
Regards, Maarten
0 Kudos
Luis_Romero
Explorer
‎2021-06-02 01:17 PM
In response to Christian_Koehl

I get the same error when deleting the vlan by webui and cli, did they manage to fix it?

Hugo_vd_Kooij
Leader
Leader
‎2019-11-04 03:34 AM

Check your config very carefully.

I would use at least:

clish -c "show configuration" | grep bond

It might show you some leftovers you need to take care of. 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Daniel_Taney
Advisor
‎2019-11-04 12:24 PM
In response to Hugo_vd_Kooij

Did you also remove the bond interface from the Physical Interfaces tab of the VSX Cluster Properties? If there are no VLANs left on this bond group, you don't want it listed here.

physical_interface.jpg

 

R80 CCSA / CCSE
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-11-04 11:22 PM
In response to Daniel_Taney

On second thoughts The only way to remove a VLAN interface on a VSX system is by deleting that interface from the VS it is used in.
Only when you have removed all VLAN's from the Bond interface, will you be able to remove the interface itself.
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events