This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
yura_k
Contributor
Contributor
‎2025-04-22 11:58 PM

VSX with BGP in different GAIA versions

We noticed that the BGP protocol configuration for virtual systems in different GAIA versions began to differ.

We have a virtual system that is peered via BGP. Peering interface settings:
GW1-VSX-81.20:1> show interface eth2.102
state on
mac-addr 00:50:56:ae:75:cd
type vlan
instance 1
ipv4-address 10.1.102.77/24

Virtual system service interface settings:
eth2.102@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.196.17/28 brd 192.168.196.196.31 scope global eth2.102

In versions R80.40 and R81.10 the configuration of the peer link could look like this:
set bgp external remote-as 65001 on
set bgp external remote-as 65001 local-address 10.1.102.77 on

And in R81.20, it became impossible to bind interface address to bgp remote-as on a virtual system:

GW1-VSX-81.20:1> set bgp external remote-as 65001 local-address 10.1.102.77 on
RTGRTG0019 BGP: Address 10.1.102.77 does not belong to any interface.

and we have to use such as workaround:
set bgp external remote-as 65001 on
set bgp external remote-as 65001 local-address 192.168.196.17 on

Labels
0 Kudos
5 Replies
Wolfgang
Authority
Authority
‎2025-04-23 01:03 AM

@yura_k with R81.20 some changes are implemented for dynamic routing protocols to be more compliant with the RFCs and recommendations. We had a problem with OSPF interfaces in the past after switch to R81.20 https://community.checkpoint.com/t5/Maestro/max-interfaces-OSPF/m-p/199829#M2337

Open a case with TAC to check your need.

emmap
Employee
Employee
‎2025-04-27 09:17 PM

If this is a cluster (looks like it is) then you shouldn't be configuring local address per:

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Gaia_Advanced_Routing_AdminG...

 

0 Kudos
yura_k
Contributor
Contributor
‎2025-04-28 12:45 AM
In response to emmap

Hi Emma! The BGP speaker is a virtual system, not a VSX cluster node.

0 Kudos
emmap
Employee
Employee
‎2025-04-28 02:43 AM
In response to yura_k

Yes but it's a VS on a cluster, yes? That still counts. 

0 Kudos
the_rock
Legend
Legend
‎2025-04-28 05:49 PM
In response to yura_k

I dont even recall having to configure local address setting.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events