This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jamie_Kelahan
Contributor
Sunday
Jump to solution

"Multiple obects have the same IP address" with no duplicate objects

I've got an issue with a gateway cluster.  This started when I replaced one of my older appliances with a new one.  I installed the new appliance and attempted to establish SIC, however it failed.  I realized that the cluster member's IP address (in Cluster Member Properties) was set to an internal address.  We used to have an on-prem management server, but now use Smart-1 Cloud, so it makes sense that SIC would fail if it's attempting to use the internal address.

I changed the IP address on the member to it's public address, but now I keep getting the "Multiple obects have the same IP address" message on this public address whenever I make a change to the cluster.  Ignoring that message, I am able to establish SIC.  But when I try to install policy, it "fails" after 10 minutes with SmartConsole reporting, "Installation failed. Reason: Due to a timeout value of 600000 (millisecond)."  It doesn't actually fail to install - if I run "fw stat" in the CLI, it shows the correct policy installed.  I should also mention that it only "fails" on the new member - it's fine on the existing member.

After the timeout message, SIC is broken again.  I have to run "fw unloadlocal" in the CLI to re-establish SIC.  Another side effect is that if I try to "Get Inerfaces," it fails with the message, "RunCommandInNgm('CreateNgmInterfacesCommand') failed."  I followed sk154292, deleting all the interfaces and then am able to get interfaces, however I still have the same issue with the "multiple objects" message and the policy install timeout.

One thing to note after getting interfaces is that the maas_tunnel interface is populated and the existing member has an IP address defined, but the new one does not - it just says "none."  I checked my other clusters and none of them have the maas_tunnel listed as an interface.  In any case, whether I leave that interface or delete it, the problems still exist.

I opened a case on this, however they want to do a remote troubleshooting session in a few days.  In an effort to get my HA back before I'm able to connect with support, I removed the new appliance and put my old one back in.  However, the same issues still exist.

It feels like the issue is because of the multiple objects issue, but I've searched and there are no objects with that IP address with the exception of the gateway's interface.  If I change the address on the original (working) member, I get the multiple objects message on that IP address as well.

As I said, I have a case open on this, but since it seems it will be a few days before I can make any progress there, I thought I'd reach out here.  Thanks.

 

0 Kudos
1 Solution

Accepted Solutions
Jamie_Kelahan
Contributor
Tuesday
In response to Wolfgang
Jump to solution

Thanks Wolfgang.  It turns out that I actually did have a duplicate object, created by a colleague.  The way it was named made me believe it was the default "eth" name from the gateway.

The duplicate object didn't have any effect on my failing policy installation nor connectivity to the cloud.  That was more my own doing with taking the wrong steps to replace my old appliances.  Got it all straightened out with support.

View solution in original post

3 Replies
Wolfgang
MVP Gold
MVP Gold
Sunday
Jump to solution

@Jamie_Kelahan  please try searching again the duplicate object. Search in the object explorer or search via GUIdbedit for the duplicated object or use this older script to find the problematic object Find host objects that share the same IP-address /... - Check Point CheckMates

0 Kudos
Jamie_Kelahan
Contributor
Tuesday
In response to Wolfgang
Jump to solution

Thanks Wolfgang.  It turns out that I actually did have a duplicate object, created by a colleague.  The way it was named made me believe it was the default "eth" name from the gateway.

The duplicate object didn't have any effect on my failing policy installation nor connectivity to the cloud.  That was more my own doing with taking the wrong steps to replace my old appliances.  Got it all straightened out with support.

the_rock
MVP Platinum
MVP Platinum
Tuesday
In response to Jamie_Kelahan
Jump to solution

Hey Jamie,

Just for the reference, if you ever have this problem again and cant find those objects in smart console, I always recommend guidbedit. Glad you got it sorted out.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events