 | ||
 Multiple External Interfaces | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-07-31 | |||
| |||
 Multiple External Interfaces Peoples - I am having a little problem at the moment. I am currently migrating ISPs and have configured a 2nd external interface on my Checkpoint NGX x45 Crossbeam appliance. It is a clustered interface of which all the rest work perfectly. The problems lies in connecitivty - I can add the intereface perfectly, but then I can connect to it Ok for about 8 or so hrs, and then I cant even get an arp reponse back from it even from the next hop. The arp table just gives me INCOMPLETE on the router (next hop). Its almost like it doesnt see it at all - I can however ping it from with internal segments, but coming from external, it just doesnt seem to exist. Its like its put the Interface into a type of promiscuos mode for all traffic originating externally. I have only a 500 node license, and was wondering if I'm allowed 2 external interfaces. Any information would greatly be appreciated. Also any secure client sitre created after I added the 2nd external interface doesnt seem to work at all - I have to delete the 2nd interface and the site can then be connected etc. Secure client issue aside, I really just wanted to know if I can have multiple external interfaces defined - and if so why it deosnt seem to work properly Kind Regards, Fab  |
| 2006-08-01 | |||
| |||
| Re: Multiple External Interfaces You can have multiple external interfaces with a node-limited license - you just can't forward traffic from one external interface to another. You should be seeing it in your logs if you've got license problems anyway. What's happening with ARP? Is the router sending an ARP request, and the firewall just ignoring it? Or is the firewall sending a response, but the router doesn't like the response? |
| 2006-08-01 | |||
| |||
| Re: Multiple External Interfaces Yeah its a bit weird - It seems to work for a little while - I see traffic hitting me and all is working, then for some unknown reason I test again and everything isnt working and I dont even get an arp reply from the FW. Routers arp table entry is just set to 'INCOMPLETE', where it had returned the mac address previously. I even reset router interface and it doesnt help. Strange behaviour. |
| 2006-08-01 | |||
| |||
| Re: Multiple External Interfaces Case closed - the crossbeam linux FW had the broadcast address as my nexthop which is actually wrong, but I change the next hop address to somethinglower and all is good. Cheers Fab |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
