Problem adding additional clustered interface

[diago]

We are running CheckPoint NGXR60 (splat on enforcement points / Windows on SmartCenter Server) and have had difficulties adding an additional clustered interface (to be used as a DMZ) to our cluster which has been running flawlessly until now.

The problem: after connecting a Cisco 2900XL series switch to each enforcement point NICs (and locking both switch and enforcement point interfaces to 100/Full I check the enforcement points and both show the interface as up. I then go into the cluster topology in the smartdashboard and add the following as a new interface:

Enforcement Point 1: 192.168.25.1/24 (internal)
Enforcement Point 2: 192.168.25.2/24 (internal)
Virtual IP: 192.168.25.3/24 (internal)

After installing the policy I lose connectivity to another DMZ we have connected to another interface (but not all other DMZs - we have several), which is a similar range - to the above address we're using (eg. 192.168.23.0/24). If I check the enforcement points the route for 192.168.25.0/24 has been automatically added and appears ok. I then have to backout the topology changes for the other DMZ to come back online.

Has anyone got any suggestions as to what the problem could be?

Thanks in advance.

[northlandboy]

You say that you are losing connectivity to another DMZ - could you be more specific in what you mean here? Are those interfaces still up? Are they still passing traffic - look at tcpdump/fw monitor. What do your logs say?

I think you've got some topology issues. Do the names of the interfaces in SmartDashboard correspond EXACTLY with the names at an OS level?