CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Installing And Upgrading
Unremovable spoof groups after upgrade Unremovable spoof groups after upgrade
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-06-07
Senior Member
  
Join Date: 2006-02-18
Posts: 103
Rep Power: 3
ChrisA has an average reputation (10+)
Default Unremovable spoof groups after upgrade
Our upgrade from NG FP3 to NGX created Net_xx.xx.xx.xx network objects and <clustermbr>-<interface> spoof groups containing those Net_xx.xx.xx.xx objects. This also happened during the upgrade from 4.1 to NG, and we were able to clean these up without a problem after the upgrade. But in NGX, when we try to delete the spoof groups, we get an error that the object is used and is not removable. We've already changed the spoof groups referenced in the topology of the cluster, and we can't find any reference to the spoof groups we're trying unsuccessfully to delete, but the software seems to think they are referenced somewhere. Has anyone run into this issue? Thank you.
Reply With Quote
  #2 (permalink)  
Old 2006-06-07
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Unremovable spoof groups after upgrade
Did you try to delete group object or remove from anti-spoofing configuration?
Did you try to select group object, and select menu "Where used"?
Reply With Quote
  #3 (permalink)  
Old 2006-06-07
Senior Member
  
Join Date: 2006-02-18
Posts: 103
Rep Power: 3
ChrisA has an average reputation (10+)
Default Re: Unremovable spoof groups after upgrade
I apologize for not being clear.

After the upgrade, I did "Edit Topology" in the Gateway Cluster object. I edited the topology of each interface in the cluster, in the Topology tab of the Interface Properties window. Under Internal, I have "Specific" selected and I changed the spoof group to the one I had already defined before the upgrade, which I named spoof.ethx. I saved the change and installed the policy, but when I try to delete the auto-created spoof group, <clustermember>-<interfacename>, I get an error saying it is used by another object and cannot be deleted. If I click "Where Used" I see "Network Objects" in the Table column, "cluster_member" in the Type column, "No" in the Is Removable column, and "interfaces->{xxxx}" in the Context column.

I hope that clarifies. Thanks for your help.
Reply With Quote
  #4 (permalink)  
Old 2006-06-27
Senior Member
  
Join Date: 2006-02-18
Posts: 103
Rep Power: 3
ChrisA has an average reputation (10+)
Default Re: Unremovable spoof groups after upgrade
Here's the fix:
Run the DataBase Revision Tool to take a backup (to be safe!)
Detach the cluster members from the cluster (click on the cluster object then click Detach from Cluster. Click Y to the prommpt)
Delete the objects
Add the cluster members back to the cluster (click on the cluster, click Edit->Cluster members->Add. Select the cluster member to be added. Click Y to the prompt).
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 12:53.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0