Giga_Yang
Explorer

Checkpoint MAC learning problem

Dear All,

We added a new trunk between the Check Point firewall and a Cisco L2 switch.

We found that Check Point could not learn this VLAN device's MAC in ARP. The Check Point OS version is GAIA R80.40.

How can we resolve this problem?

Thanks a lot.

0 Kudos
9 Replies
Chris_Atkinson
Employee

Can you please share more detail of the environment - Is the gateway (appliance model?) configured as a standard cluster or for VSX and what JHF is applied?

How is the trunk port configured on the Cisco, is it also a bond?

0 Kudos
Giga_Yang
Explorer

Hi Chris,

1. No VSX, only HA.

2. The gateway is 16200.

3. The Gaia OS is R80.40 with JHF Take 118.

4. The trunk uses a bond interface.

0 Kudos
Chris_Atkinson
Employee

LACP is used for the bond on both sides and cabling has been verified?

Please share the output of:

[Expert@HostName:0]# cat /proc/net/bonding/bondX

 

Note: Updating to a recent JHF is also recommended where possible.

0 Kudos
Giga_Yang
Explorer

Hi Sir,

The other VLAN trunks were working normally, but when we created a new one, we saw this problem.

I will try to get the output of cat /proc/net/bonding/bondX for you.

0 Kudos
Giga_Yang
Explorer

But we can see the gateway interface MAC on the local device. Why can we not see the local device's MAC on the gateway?

 

0 Kudos
Chris_Atkinson
Employee

Are you on the active or standby gateway and what do you see in the ARP table if you do a broadcast ping or similar?

0 Kudos
Giga_Yang
Explorer

Hi Chris,

We can ping the local device from the firewall, but we do not see its MAC in ARP.

But the other VLAN trunks are normal.

0 Kudos
Giga_Yang
Explorer

Hi Chris,

Should we turn off/on the VLAN interface on the gateway, if it will not influence other VLAN traffic?

0 Kudos
G_W_Albrecht
Legend

I would suggest contacting TAC!

CCSE CCTE SMB Specialist
0 Kudos