CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: dbedit to create and modify cluster interfaces

  1. #1

    Is it possible to use dbedit to add and modify cluster interfaces for a cluster object? I am setting up a new R77.20 Gaia cluster and have hundreds of interfaces to add to the object. I have added the interfaces in CLISH and used "get topology" on each cluster member to partially populate the topology table. Now I want to use dbedit to add the cluster IP and officialname to each of these interfaces.

    I have made a few unsuccessful attempts with dbedit using create, modify and addelement commands. I think addelement is what I want but I'm having trouble with the syntax. I have read the CLI guide for R77.20 but it does not go into any details of the Objects_5_0.C schema.

    Here are the dbedit commands I have tried so far, with the resulting error messages.

    dbedit> create network_objects YWGPOFWPOC interfaces:2:officialname bond32.601
    create <object_type> <object_name>

    dbedit> addelement network_objects YWGPOFWPOC interfaces 2
    2 Invalid Schema Class

    dbedit> modify network_objects YWGPOFWPOC interfaces:2:ipaddr
    failed to get index 2 in container interfaces

    Any help would be appreciated. thnx

  2. #2

    You probably need to do something like:

    addelement network_objects YWGPOFWPOC interfaces interface
    modify network_objects YWGPOFWPOC interfaces:2:officialname bond32.601
    modify network_objects YWGPOFWPOC interfaces:2:ifindex 2
    modify network_objects YWGPOFWPOC interfaces:2:ipaddr
    modify network_objects YWGPOFWPOC interfaces:2:netmask
    modify network_objects YWGPOFWPOC interfaces:2:security:netaccess:access this
    modify network_objects YWGPOFWPOC interfaces:2:security:netaccess:perform_anti_spoofing true

    Unless otherwise noted, views expressed are my own

  3. #3

    I have found out that this is the procedure to add a cluster interface:

    create cluster_interface i1
    modify owned i1 officialname "eth2"
    modify owned i1 ipaddr
    modify owned i1 ifindex 2
    modify owned i1 netmask
    modify owned i1 member_network:ipaddr
    modify owned i1 member_network:netmask
    modify owned i1 security:netaccess:access this
    modify owned i1 security:netaccess:perform_anti_spoofing true
    add_owned_remove_name network_objects dor-clu interfaces owned:i1

    However, I cannot find information on the value of ifindex, except that it is a mandatory value and must be between 0 and the number of configured interfaces on that object.
    But I don't know how its value is used in the background, or whether I can, for example, put the value "0" for all the interfaces I will add (I need to add 300).

    Can someone give me some input?

    The starting status is that I have done the "get interface" from the member, and I have a "private monitored interface" on the cluster object in the dashboard.
    If I add the VIP from the dashboard and compare the member objects and the cluster object to the values before, I also see that on the members the interface has a "shared" value that was changed from "false" to "true". My procedure "^^" does not change this value.

  4. #4

    This is what I recall, which could be very wrong! :)

    It starts at 0, assuming the first interface is a cluster interface.

    For each cluster interface, ifindex goes up by 1.

    For all non-cluster interfaces (sync, private, etc.) it doesn't change until a cluster interface comes up in the list again.

    I think it might be easier to

    addelement network_objects siteClusterFW interfaces cluster_interface

    then use 0. This should shift everything down, and your ifindex will be 0 as well since it's now the first one.

    modify network_objects siteClusterFW interfaces:0:ifindex 0

    This assumes siteClusterFW is the name of the cluster object and not the node object.

    Buyer beware, and make with the testing, as it's been a long time since I've done this.
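
Added example, not part of the thread and not Check Point code: a generator that turns a list of interfaces into the dbedit command sequence from post #3, so hundreds of cluster interfaces can be scripted with anti-spoofing left enabled on each. The CSV column layout, the interface-name allowlist and the function names are assumptions made for this example; ifindex is taken from the input because the thread does not settle how it is assigned.

```python
import csv
import io
import ipaddress
import re

CLUSTER = "dor-clu"  # cluster object name as written in post #3
# Assumption: characters allowed in an interface name; blocks quotes, spaces, newlines.
IFNAME = re.compile(r"[A-Za-z0-9_.:-]{1,32}")

# Constructed sample rows: officialname, ifindex, VIP, netmask, member net, member mask
SAMPLE = (
    "bond32.601,0,192.0.2.1,255.255.255.0,192.0.2.0,255.255.255.0\n"
    "bond32.602,1,198.51.100.1,255.255.255.128,198.51.100.0,255.255.255.128\n"
)

def interface_commands(n, row, cluster=CLUSTER):
    """Return the dbedit lines for one cluster interface; raise ValueError on bad input."""
    name, ifindex, vip, mask, mnet, mmask = (field.strip() for field in row)
    if not IFNAME.fullmatch(name):
        raise ValueError(f"unsafe interface name: {name!r}")
    if not re.fullmatch(r"[0-9]+", ifindex):
        raise ValueError(f"ifindex must be a non-negative integer: {ifindex!r}")
    vip_if = ipaddress.IPv4Interface(f"{vip}/{mask}")  # rejects a malformed IP or mask
    member = ipaddress.IPv4Network(f"{mnet}/{mmask}")  # strict: host bits must be zero
    tmp = f"i{n}"  # temporary owned-object name, like "i1" in post #3
    return [
        f"create cluster_interface {tmp}",
        f'modify owned {tmp} officialname "{name}"',
        f"modify owned {tmp} ipaddr {vip_if.ip}",
        f"modify owned {tmp} ifindex {int(ifindex)}",
        f"modify owned {tmp} netmask {vip_if.netmask}",
        f"modify owned {tmp} member_network:ipaddr {member.network_address}",
        f"modify owned {tmp} member_network:netmask {member.netmask}",
        f"modify owned {tmp} security:netaccess:access this",
        f"modify owned {tmp} security:netaccess:perform_anti_spoofing true",
        f"add_owned_remove_name network_objects {cluster} interfaces owned:{tmp}",
    ]

def build_script(text, cluster=CLUSTER):
    """Validate every row; return the full command list or raise (no partial output)."""
    lines = []
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        lines.extend(interface_commands(n, row, cluster))
    return lines

if __name__ == "__main__":
    print("\n".join(build_script(SAMPLE)))
```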
