This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
‎2023-01-31 10:15 PM

IPv6 on Maestro a nightmare...

Since some weeks we are trying to use IPv6 on a R81.10 Maestro environment. There are some really bad limitations:

Enabling IPv6 in the whole environment needs a restart of all a appliances (MHO and SG) at the same time.

Changing everything for the IPv6 configuration (IPs, routes etc.) end up in complete stop of processing all traffic for about 3-5min. In our VSX environment all VSs are affected not only the one with the changes.

We are working with loacal engineers and it looks like there are some documents describing this issues, but they are not available outside of Check Point.

There are no limitations mentioned in the Maestro limitations regarding this problems with IPv6 Known Limitations for Scalable Platforms (Maestro Appliances and Chassis)

Are we the only one using IPv6 on Maestro R81.10 ? Would be happy to get some experience from others and a statement from Check Point.

Changing a route or an IP address should be something which can be done without any traffic loss.

 

2 Replies
HeikoAnkenbrand
Champion
Champion
‎2023-02-01 01:21 AM

All IPv6 restrictions and Maestro features are described in this SK's:

IPv6 features and limitations in R80.30 and higher

Scalable Platforms (Maestro and Chassis) comparison between versions


➜ CCSM Elite, CCME, CCTE
0 Kudos
cassiomaciel
Participant
‎2023-02-01 06:06 AM

I think isn't a specific issue related to IPv6, but is a problem with VSX on Maestro.

In my company we've maestro setups with one security group each, some of them we're working with 3 vsx per sg, we faced some issues, where we need to reboot all SGMs simultaneously and this caused a huge impact for us.

The cases opened with TAC weren't able to find out the root cause, but they explained when a VSX is down, for MHO the whole SGM are considered down as well.

I've installed the HF81 for R81.10 last weekend and seems something was improved, since I didn't face any issue and in the same maintenance window, I created 2 new VSX.

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events