This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mighty_Lux_15
Explorer
‎2023-05-24 07:30 AM
Jump to solution

VLAN Monitoring on BOND for specific VLAN interface

Hello, 

I'm planing to change the monitored VLAN on CLusterXL. 

Platform : Check Point 6700
R81.10 take 335



I'm following this sk92784=> https://support.checkpoint.com/results/sk/sk92784#

 

According to the SK, it is needed to modify the following file $FWDIR/conf/cpha_specific_vlan_data.conf as below :

NAME_OF_PHYSICAL_INTERFACE_1	VLAN_ID_to_be_MONITORED
NAME_OF_PHYSICAL_INTERFACE_2	VLAN_ID_to_be_MONITORED
NAME_OF_PHYSICAL_INTERFACE_3	VLAN_ID_to_be_MONITORED

Example - monitor VLAN 2 on eth3, and VLAN 7 on eth5:

eth3	2
eth5	7

 

The thing is that i'm using 2 bonds (802.3ad) with 2 interfaces :
bond 1 : eth1-01 & eth1-02       
bond 2:  eth1-03  & eth1-04 


The documentation does not mention anything about bond. 

I would like to monitor VLAN 40 on the bond 1 and VLAN 50 on bond 2
I am wondering if the following lines would do the trick or if I should put the name of the bond instead : 

eth1-01	40
eth1-02	40
eth1-03 50
eth1-04 50


Your help / confirmation would be greatly appreciated.

Regards,
ML15

0 Kudos
1 Solution

Accepted Solutions
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-11-28 09:48 PM
In response to ajsingh
Jump to solution

Yes, you add each VLAN you wish to monitor as a separate line as you have there.

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-05-30 09:17 AM
Jump to solution

I believe you specify the bond interface in this case.

Mighty_Lux_15
Explorer
‎2023-05-30 09:54 AM
In response to PhoneBoy
Jump to solution

Hello, 

Thank you for your input. 

As sugested, I'll try the following :

bond1	40
bond2	50

I'll let you know the outcome. 

Regards,
ML15

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-05-30 11:00 AM
In response to PhoneBoy
Jump to solution

This is correct. When using bonding, the raw Ethernet interfaces won't have IPs (or even subinterfaces for the various VLANs), so they won't be able to talk to each other via CCP.

0 Kudos
ajsingh
Contributor
‎2023-11-28 10:20 AM
In response to Bob_Zimmerman
Jump to solution

Hi,

Hope all is well. I have similar question but little different requirement :
I have 2 vlans on one Physical interface. Will the enteries be looking like this then : 
eth2 20

eth2 30

I am just confused on syntax for interfaces with more than 1 VLAN on it. 

Thank you

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-11-28 09:48 PM
In response to ajsingh
Jump to solution

Yes, you add each VLAN you wish to monitor as a separate line as you have there.

0 Kudos
ajsingh
Contributor
‎2023-11-29 06:32 AM
In response to emmap
Jump to solution

Awesome thank you 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events