Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dede79
Contributor
Jump to solution

SMB 1500 R81.10 - Cluster Virtual IP address belongs to a different subnet

Hello,

 

I need to configure VIP on different subnet on a SMB cluster - centrally managed - on WAN link (have not enought pub. IPs and Mgmt is directly connected).

So private IPs for the interfaces and a public IP as VIP. Problem is to set the default gateway - SMB Internet connection only allows configure Gateway in the same subnet. Adding a manual default route is also no possible.

 

Any idea?

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

sk159772 suggests this should be possible in R81.10.x

CCSM R77/R80/ELITE

View solution in original post

15 Replies
G_W_Albrecht
Legend
Legend
0 Kudos
Chris_Atkinson
Employee Employee
Employee

sk159772 suggests this should be possible in R81.10.x

CCSM R77/R80/ELITE
G_W_Albrecht
Legend
Legend
ID Description Found In Resolved In
01615874 When defining a locally managed cluster, the Virtual IP address of a clustered interface has to be in the same subnet as the real IP addresses of the cluster members. R80.20 GA R81.10.00

 

CCSE CCTE CCSM SMB Specialist
dede79
Contributor

I use centrally managed - but actually as said I heve no idea how to configure the default gateway.

0 Kudos
xAnTx
Employee
Employee

Hi!
Are you trying to configure DG before or after cluster configuration?
As far as I know, DG could be configured in subnet, other than actual IP address, only when cluster configuration already done on the appliance.
Means - try to configure cluster first (with all needed IPs), install policies, and only after that - change DG on members themselves.

0 Kudos
dede79
Contributor

cluster is configured - actually the issue is in configuring the default route on gaia embedded itself!

0 Kudos
Amir_Ayalon
Employee
Employee

Have you tried R81.10.05 ?

0 Kudos
dede79
Contributor

for some reason my last post was deleted with the screensot of the issue.

0 Kudos
G_W_Albrecht
Legend
Legend

Did you contact TAC already ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
dede79
Contributor

I pushed issue to Checkpoint SE .....will post the solution here if I get one

0 Kudos
RS_Daniel
Advisor

Hello @dede79 ,

We are facing a similar scenario, need to have member interfaces in a different subnet than virtual IP. Were you able to make it work? was default route possible?

Regards

(1)
Chris_Atkinson
Employee Employee
Employee

Have you tested R81.10.07 (996001430) out of interest?

CCSM R77/R80/ELITE
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Successfully tested this to the extent my lab allows on a locally managed cluster running R81.10.07 (996001430).

Time permitting will follow-up similar tests on a centrally managed variant also.

Image1.pngImage2.PNG

Image3.png

CCSM R77/R80/ELITE
0 Kudos
FerPr0c03
Participant

Hi @dede79 

Were you able to solve the problem with the default routes? I have the same scenario and same problem.
Could you help me? thanks

 

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Please open a case with TAC if not already and I will follow up internally, thanks.

 

Share the SR number with me in private message.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events