This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martijn
MVP
MVP
‎2025-10-09 02:27 AM
Jump to solution

Warning about topology when installing a policy with the Internet object

Hi All,

Customer has a legacy VSX cluster with two 9700 appliances on R82 take 39. On this VSX cluster a Virtual System is configured to handle traffic to and from the internet.

The Application Control policy contains rules with the Internet object as destination and an External interface is configured on the Virtual System. But when installing the policy we see the following warnings:

Layer 'VS1-policy Application': Rule 2: The policy target vsx_member-a_VS1 does not have the required topology configuration in its interface(s). When you select the Internet object in the Destination column of a rule, you must configure the topology of the applicable interface (that connects to the Internet):
1) If this target is a Security Gateway or a regular Cluster, then the interface topology must be 'External' or 'DMZ'.
2) If this target is a Geo Cluster (the option 'Use Geo Mode in a Cloud' is enabled), then the interface topology must be 'External'.
Without the correct interface topology configuration, Security Gateways and Cluster Members cannot match traffic to this rule.

We are only seeing this for member vsx-member-a_VS1 of the VSX cluster. The other member (vsx-member-b_VS1) seems to be OK.

We checked everything and the External interface is configured with the correct Topology.

Anyone seen this before? Any idea where to look?

Regards,
Martijn

Labels
0 Kudos
1 Solution

Accepted Solutions
Martijn
MVP
MVP
‎2025-10-09 05:43 AM
Jump to solution

Hi,

Update from my side.

Talked to TAC en when checking the external interface via GUIDBEdit, we found out the setting 'leads_to_internet' was set to false. After changing this setting to true and install policy, the installation warnings where gone.

Why this setting was set to false while SmartConsole shows the interface as External is unknown. But glad is it resolved.

Regards,
Martijn


View solution in original post

2 Replies
Martijn
MVP
MVP
‎2025-10-09 05:43 AM
Jump to solution

Hi,

Update from my side.

Talked to TAC en when checking the external interface via GUIDBEdit, we found out the setting 'leads_to_internet' was set to false. After changing this setting to true and install policy, the installation warnings where gone.

Why this setting was set to false while SmartConsole shows the interface as External is unknown. But glad is it resolved.

Regards,
Martijn


Vincent_Bacher
MVP Silver
MVP Silver
‎2025-10-09 05:55 AM
In response to Martijn
Jump to solution

GUIDBEdit

It's always amazing how often you still have to work with the good old tool. But the main thing is that the problem is solved! 👍

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events