Please mind the Gap…and the VSwitch! – VSwitch in front of the VS0 Mgmt Interface is a bad idea!

Hello,


Just a quick one to save some of you out there from the mistake I made:

When you create a new VSX Cluster object in SmartDashboard, it will ask you at some point whether you want to create a Virtual Network device:

[Screenshot: step8]

If you make the same mistake here that I made and place a Virtual Switch in front of your Mgmt Interface, you are screwed ;)
As you can read at the bottom, this configuration is not reversible. So you need to create a new VSX Cluster object and do all the configuration again!

Why is a VSwitch in front of the Mgmt Interface a bad idea? Short and simple:

– There is no benefit!
– If you do a cpstop, you lose connectivity to the Mgmt port, so you can only reactivate it via the console port. Now think about troubleshooting scenarios where you need more than one session to the cluster while the gateway is cpstopped -> not possible.

Check Point calls this kind of setup “Non Direct Management Interface” (Non-DMI). You can find a couple of lines about this in the R76 VSX Admin Guide.

Just a small piece of advice so that you don't have to feel like I did.


Regards
Sebastian
