CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Change Mgmt interface on appliance

  1. #1
    Join Date
    2018-04-18
    Posts
    48
    Rep Power
    0

    Default Change Mgmt interface on appliance

    Hi,

    I have a HA active / standby cluster of two 15,400's running R77.30 and my SMS running R80.10.

    I currently have the management interface set to eth 2-07 which has a IP of 192.168.255.x. I need to move this IP to eth1-01 so I can make it fiber. (this interface is used for production traffic as well as management).

    I was under the impression I could go into the web gui of the gateway, configure an IP on the "Mgmt" interface that is not in use anywhere else, assign my laptop a IP in the same scope, and connect to it, move the IP and the management interface to eth1-01.
    The physical Mgmt interface on the appliance is not in use and not even defined in the topology in SmartConsole. I now see that my https attempts to the IP I assigned to it were all blocked.
    When I install policy on this cluster the SMS connects to it's eth 2-07 interface.

    Does anyone know how I can easily move this IP to eth 1-01 and make eth 1-01 the new management interface?

    Is doing this in the local console port through the CLI possible/

    Thank you.

  2. #2
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    309
    Rep Power
    13

    Default Re: Change Mgmt interface on appliance

    Definitely possible. I recommend moving it to a bond, then you can use the CLI to move the bond between physical interfaces easily.

    Now what may not be possible is doing this without an outage. How does your SmartCenter talk to the firewall? Through this management interface, or through some other interface?
    Zimmie

  3. #3
    Join Date
    2007-06-04
    Posts
    3,305
    Rep Power
    17

    Default Re: Change Mgmt interface on appliance

    From your update then the Mgmt Interface not in the Topology so the Check Point Firewall won't know about it, only the Gaia OS will, and will get dropped at the Firewall.

    Mgmt is simply the label for the Interface that has the Registered MAC Address on that you see the device in user centre as. It isn't a special interface simply a label.

    So update the Topology with that, and add a rule allowing the Laptop in the same range as the IP to connect to the WebUI. Install Policy to the Cluster.

    You can then WebUI onto the Appliances from the WebUI and move the Interface IP that the Management Server connects too, onto the Fibre Interface, and then make sure that you update the Interface Names in the Topology in the SmartConsole.

    Policy Installation is sent to the IP address that the Object for the Gateways are identified by in the SmartConsole so that is where the SmartCentre will attempt to connect too.

    You WILL have downtime whilst you move the IP off the Ethernet to the Fibre and then update the Console with the new Interface Definition and then install the Security Policy.

Similar Threads

  1. Change IP-address on Mgmt-interface
    By Nilsan in forum Firewall Blade
    Replies: 3
    Last Post: 2016-03-08, 09:44
  2. Change Interface Names on 4200 appliance
    By slowfood27 in forum Check Point 2012 Appliances
    Replies: 1
    Last Post: 2016-01-21, 06:03
  3. Reg: Time change on Splat Mgmt Server - Impact
    By ecesureshkumar in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 3
    Last Post: 2014-12-10, 10:01
  4. Upgraded Smart-1 50 Mgmt appliance for sale
    By Ender519 in forum Announcements From Check Point Administrators, For Sale/Wanted, Etc.
    Replies: 2
    Last Post: 2014-11-05, 17:58
  5. Mgmt HA Hostname Change
    By Testing-123 in forum Management High Availability
    Replies: 2
    Last Post: 2008-03-19, 07:02

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •