Noah_T
Participant

Removing a VLAN from Interface

One of the physical interfaces on an SG 15000 Series firewall cluster is trunked with 1 VLAN, and I need to remove that VLAN and turn off the interface. What is the correct procedure to do that?

Cluster with active/standby setup. Gateways are on GAIA R77.30, managed by R80 CMA.

8 Replies
Gomboragchaa
Advisor

Delete the VLAN interface from the GAiA Web portal or Clish.

Turn off the physical interface.

All changes must be done on each gateway member.

Then update the topology table in SmartConsole.

0 Kudos
Noah_T
Participant

Gomboragchaa Jamganjav

Should it be removed 1st on the Standby Gateway?

After updating the topology table, should a policy push be required?

0 Kudos
Norbert_Bohusch
Advisor

If you update topology after removing it from gateways, this will break cluster status for sure!

Noah_T
Participant

Thanks Norbert.

I would like to follow the steps you outlined. Below is my plan:

1) Remove the interface from the topology table in SmartConsole and push the policy.

(Current output of cphaprob -a if is below & cphaprob stat - Active/Standby)

Required interfaces: 4
Required secured interfaces: 1)

After step 1, would the output be as below?

(Current output of cphaprob -a if is below & cphaprob stat - Active/Standby)

Required interfaces: 3
Required secured interfaces: 1)

2) delete IF from standby (clish)

3) delete IF from active (clish)

4) admin down the physical interface on both nodes

0 Kudos
LadislavNemecek
Participant

Delete the VLAN, then admin down the interface on both members.

Would prefer to start with the standby node, especially if the interface/VLAN is set as cluster monitored.

After changes at the firewall node level, update topology on the cluster object in CMA and push policy.

0 Kudos
Gaurav_Pandya
Advisor

Hi,

As it is in a cluster, I would suggest following the instructions in sk57100.

 

0 Kudos
Norbert_Bohusch
Advisor

sk57100 is a good choice.

But I must admit that I never followed it completely. So I never stopped a member for this type of maintenance.

I normally use the following to remove an interface:

- remove it from topology in cluster object through SmartConsole

- check cphaprob -a if for the change on both members

- delete IF from standby (clish)

- delete IF from active (clish)

0 Kudos
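The "check cphaprob -a if on both members" step in the list above can be scripted as a gate before anything is deleted in clish. This is an added example, not code from the thread or from Check Point; the function names are hypothetical, and the sample output is constructed from the two "Required interfaces" lines quoted earlier in the thread. It assumes each member's `cphaprob -a if` output has been captured into a variable.

```shell
#!/bin/bash
# Constructed sample output (only the two summary lines quoted in the thread).
SAMPLE_BEFORE='Required interfaces: 4
Required secured interfaces: 1'
SAMPLE_AFTER='Required interfaces: 3
Required secured interfaces: 1'

# Print the "Required interfaces" count found in `cphaprob -a if` output on stdin.
# Exits non-zero if the line is missing, so a truncated capture is not read as 0.
required_ifs() {
    awk -F': *' '/^Required interfaces:/ { print $2 + 0; found = 1; exit }
                 END { if (!found) exit 1 }'
}

# safe_to_delete BEFORE_COUNT STANDBY_OUTPUT ACTIVE_OUTPUT
# Returns 0 only when both members report exactly one required interface
# fewer than before the topology change, i.e. the policy push has taken the
# interface out of cluster monitoring on both nodes.
# Returns 2 when either capture cannot be parsed, 1 on a count mismatch.
safe_to_delete() {
    local before="$1" standby_out="$2" active_out="$3" s a
    s=$(printf '%s\n' "$standby_out" | required_ifs) || return 2
    a=$(printf '%s\n' "$active_out" | required_ifs) || return 2
    [ "$s" -eq $((before - 1)) ] && [ "$a" -eq "$s" ]
}

# Example run against the constructed samples.
if safe_to_delete 4 "$SAMPLE_AFTER" "$SAMPLE_AFTER"; then
    echo "Both members no longer require the interface; proceed with standby, then active."
else
    echo "Counts do not match the expected change; do not delete the interface yet."
fi
```

If one member still reports the old count, the policy has not installed there and deleting the interface would leave that member with a required interface missing.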
Gaurav_Pandya
Advisor

These seem to be good steps.

0 Kudos
