Scottc98
Collaborator

Cluster Sync Interface - Response to Web GUI

I have a question in regards to the cluster sync interface between 2 nodes (ClusterXL - Active/Active Bridge mode).

The GWs in question only have 2 IP network interfaces:

  • MGMT:  Used for actual management of the device
  • Sync:  A non-routable 192.168.X.X /29 assigned, with a direct crossover cable between the clusters.

The desired approach/idea here was to only have the MGMT network be reachable from outside of the cluster, with the cluster sync network being truly 'local' to the cluster.

During a recent scan, we found that the 192.168. sync network was responding to web GUI attempts through the bridge interface. It just so happens that the default route is going through this bridge, and therefore scans from this IP are hitting the GW cluster in question.

I've never really used the sync interface for any WebGUI/SSH access from any outside network in the past. The only time I have used it is for SSH from one cluster member to the other during some triage/outages.

Is it normal for the sync interfaces to respond to these attempts? Is there any way to keep this traffic 'local', or is there any ill effect to doing so?

I don't have direct access to this cluster (only SmartConsole 'read-only'), so if there is some info needed, let me know and I can request it.


Thanks in advance 🙂

0 Kudos
1 Reply
PhoneBoy
Admin

Yes, it's normal, as multiportal (used for all web portals) and SSH listen on all interfaces by default.
You can change the listening IP/port for sshd by following a procedure similar to: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Not sure on Multiportal, short of disabling it and configuring a different port for the Gaia WebUI.

A better solution might be blackholing the specific sync subnet on your internal router (that way, no traffic can reach the gateway on those IPs).
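One check a defender can run from the gateway's expert shell before changing the sshd or multiportal bindings: take the `ss -lnt` output and flag every listener that a host on the sync /29 could reach, i.e. anything bound to the wildcard address or to an address inside the sync subnet. This is an added example, not Check Point code or the poster's configuration; the sample output, the 10.10.10.5 management address, the 192.168.50.0/29 sync subnet and the ports other than 22/443 are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of `ss -lnt` on a Gaia gateway (not real
# output from the poster's cluster): sshd and multiportal bound to the
# wildcard, one listener bound only to the management IP, one bound to the
# sync address itself. Ports other than 22/443 are illustrative.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    0.0.0.0:443          0.0.0.0:*
LISTEN 0      128    10.10.10.5:4434      0.0.0.0:*
LISTEN 0      128    192.168.50.2:9000    0.0.0.0:*
LISTEN 0      128    [::]:22              [::]:*
"""

# Bind addresses that mean "every interface", in the spellings ss uses.
WILDCARDS = {"0.0.0.0", "*", "::"}


def parse_listeners(text):
    """Yield (address, port) for each LISTEN row of ss -lnt style output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)


def listeners_reachable_on(text, sync_subnet):
    """Return {port: bind address} for listeners a peer on sync_subnet could
    reach: wildcard binds, or binds to an address inside the sync subnet.
    Listeners bound only to an address outside the subnet are left out."""
    net = ipaddress.ip_network(sync_subnet)
    exposed = {}
    for addr, port in parse_listeners(text):
        if addr in WILDCARDS:
            exposed[port] = addr
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        if ip.version == net.version and ip in net:
            exposed[port] = addr
    return exposed


if __name__ == "__main__":
    found = listeners_reachable_on(SAMPLE_SS_OUTPUT, "192.168.50.0/29")
    for port, addr in sorted(found.items()):
        print(f"port {port} bound to {addr!r}: reachable via the sync interface")
```

Run it against the real `ss -lnt` output and the real sync subnet; every port it reports is one the blackhole route on the internal router, or a narrower bind address, has to cover.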
