This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 09:47 AM
Jump to solution

ipv6 broke sic

After I enabled ipv6, I rebooted.  After the reboot I could NOT connect to the gateway at all.   The box lost its cluster status.  I also lost SIC.   New day, new issue.  🙂

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Gold
MVP Gold
‎2025-08-20 09:58 AM
In response to Daniel_Kavan
Jump to solution

Here is my question. When you do this and reboot, what does fw stat show? If its initial policy, just run fw unloadlocal, test SIC, if green, try policy.

Andy

Best,
Andy

View solution in original post

17 Replies
the_rock
MVP Gold
MVP Gold
‎2025-08-20 09:49 AM
Jump to solution

Really? Thats odd...is it R81.20, R82? I had ipv6 enabled on both versions in the lab, never had an issue.

Andy

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 09:50 AM
In response to the_rock
Jump to solution

R81.20.   Yeah, it's a new one for me too.

I disabled ipv6 and everything is fine again.

Tried it again - same issue...

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 09:55 AM
In response to Daniel_Kavan
Jump to solution

What was the process you followed? I just tested on abother lab gw with set ipv6-state on and save config, rebooted, no issues. R81.20 jumbo 111

Andy

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 09:57 AM
In response to the_rock
Jump to solution

I tried it with set ipv6-state on as well as in the web ui same issue.  JHF105

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 09:58 AM
In response to Daniel_Kavan
Jump to solution

Here is my question. When you do this and reboot, what does fw stat show? If its initial policy, just run fw unloadlocal, test SIC, if green, try policy.

Andy

Best,
Andy
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 10:15 AM
In response to the_rock
Jump to solution

ytmnd

the_rock
MVP Gold
MVP Gold
‎2025-08-20 10:16 AM
In response to Daniel_Kavan
Jump to solution

Since I did not google that abbreviation, no clue what it means, but glad we can help lol

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 10:39 AM
In response to Daniel_Kavan
Jump to solution

Who knew there is dedicated page to that abbreviation 🤣

Andy

https://en.wikipedia.org/wiki/YTMND#:~:text=YTMND%2C%20an%20initialism%20for%20%22You,zooming%20text...

Best,
Andy
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 11:04 AM
In response to the_rock
Jump to solution

I now have the Check Point ClusterXL for Bridge Active/Standby in cpconfig set to enable for one cluster and not in another.   Is it recommended or not?  I'm using a dedicated SYNC interface as well.  

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 11:07 AM
In response to Daniel_Kavan
Jump to solution

I would make sure they match. Just verified in my clusterxl lab and they are same on both.

Andy

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 11:10 AM
In response to the_rock
Jump to solution

So, they do match per cluster.    I have it enabled in this new cluster.   Not in an older one.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 11:13 AM
In response to Daniel_Kavan
Jump to solution

Personally, as long as cluster is used and processing traffic, I would ensure those settings are the same on both members.

Andy

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 11:22 AM
In response to the_rock
Jump to solution

Agreed, just wondering if there was a preference.  This is the first I'm running it on bridge mode.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 11:26 AM
In response to Daniel_Kavan
Jump to solution

I can tell you that even if certain things do not match 100%, cluster will still work, but me personally, to keep it consistent, I always recommend double checking settings do indeed match. Last thing you want if there is a failover is to find out the hard way something was missing.

Andy

Best,
Andy
0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-08-20 12:01 PM
In response to the_rock
Jump to solution

Yes, both member of the cluster have the same settings.

the_rock
MVP Gold
MVP Gold
‎2025-08-20 12:04 PM
In response to Daniel_Kavan
Jump to solution

Then, all I have to say is...

ytmnd : - )

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-20 10:15 AM
In response to Daniel_Kavan
Jump to solution

Funny enough, just tested on R82 standalone and same happened. But then since it showed initial policy, I did fw unloadlocal, was able to log into smart console and install policy that was there before.

Rebooted again, still fine with ipv6 on

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events