Wednesday, January 30, 2013

VSX R67: Incorrect IP address of re-defined VLAN interface

I have got a support call the last week about inability to re-configure IP address on one of the Virtual Systems' VLAN interface on VSX R67.10 system.

To be more specific, say it was eth1.444 with IP address 192.168.xxx.yyy. During the migration to this VS, customer had to "hide" interface for some time. So he has changed its IP address to something like 1.1.1.1.

First time it has worked like a charm. But when he wanted to put the production IP address back, strange things began to happen. In the SmartDashboard it was all right, but instead of 192.168.xxx.yyy eth1.444 was still reported with 1.1.1.1 by ifconfig and cphaprob -a if commands.

Deletion and recreation fo the interface did not change the situation. Eventually the customer has opened a support call with us.

Apparently this is an known issue described in Check Point SecureKnowledge in sk67120.

The solution was to install policy on the VS after re-definition of the interface.

The issue is only specific to R67 and does not seem to appear with R65 and R75.40VS.

No comments:

Post a Comment