This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Gennady
Contributor
‎2026-01-16 01:43 AM

Good day!

The one thing that draw my attention is the APIPA address used for the Sync interface. An intuition told me that most probably you cannot use APIPA as a static address for Sync. 

Quick check in a Lab shows that indeed we have ACTIVE/DOWN only because of the IP-addresses.

I have changed eth4-1(used for Sync) IP-address from

172.16.18.1/24 (23800_1) and 172.16.16.2/24 (23800_2)

to

169.254.1.50/24 (23800_1) and 169.254.1.51 (23800_2)

As a result, I got Active/Down from both ends after cpstop/cpstart. Your problem is replicated successfully. There is no MPDS used at all.

ClusterXL_2026-01-16 124106.png

RFC 3927 states that 169.254.0.0/16 network is for automatic IP-address configuration. I may guess that Checkpoint follows the guideline and doesn't allow to configure an IP-address from this range manually.
Similar point is stated in sk179028

These IP subnets are reserved (you cannot use them in the CIN IP ranges):

0.0.0.0 / 8
127.0.0.0 / 8
169.254.0.0 / 16
192.0.2.0 / 24
224.0.0.0 / 4
203.0.113.0 / 24

Please, send my best regards to TAC engineers and don't make any unnecessary actions until you try to assign non-APIPA address for the Sync!

(1)
Who rated this post