Support Center > Search Results > SecureKnowledge Details
Identical IP addresses from VSX "Internal Communication Network" are assigned to interfaces that belong to different Virtual Systems
Symptoms
  • Identical IP addresses from VSX "Internal Communication Network" (open VSX cluster object - go to Cluster Members pane) are assigned to interfaces that belong to different Virtual Systems.

  • Examples from Gaia Database:

    • set interface bond1.62 ipv4-address 192.168.196.33 mask-length 28
      set interface eth1-01 ipv4-address 192.168.196.33 mask-length 28
      set interface eth1-06 ipv4-address 192.168.196.33 mask-length 28
      
    • set interface bond1.103 ipv4-address 192.168.196.17 mask-length 28 
      set interface bond1.52 ipv4-address 192.168.196.17 mask-length 28
      set interface eth1-05 ipv4-address 192.168.196.17 mask-length 28
      set interface wrp128 ipv4-address 192.168.196.17 mask-length 28
      
    • set interface wrp192 ipv4-address 192.168.196.1 mask-length 28
      set interface wrp256 ipv4-address 192.168.196.1 mask-length 28
      set interface bond1.66 ipv4-address 192.168.196.1 mask-length 28 
      set interface eth1-03.667 ipv4-address 192.168.196.1 mask-length 28
      
  • Example from $FWDIR/conf/objects_5_0.C file:

    :13 (
        :dual_wan (false)
        :dynamic_ip (false)
        :ifindex (13)
        :ipaddr (192.168.196.33)
        :monitored_by_cluster (false)
        :mss_value (0)
        :netmask (255.255.255.240)
        :officialname (bond1.62)
        :antispoof (true)
    
    :15 (
        :dual_wan (false)
        :dynamic_ip (false)
        :ifindex (15)
        :ipaddr (192.168.196.33)
        :monitored_by_cluster (false)
        :mss_value (0)
        :netmask (255.255.255.240)
        :officialname (eth1-01)
        :antispoof (true)
    
Cause

The "Internal Communication Network" is a virtual network that is required for Check Point ClusterXL environments in addition to the synchronization network. The internal communication network is invisible to external networks and enables cluster members to communicate and recognize the state of the environment.

IP address assigned from "Internal Communication Network" must be unique only in the scope of a specific Virtual System on a specific cluster member:

  • Unique IP addresses from VSX "Internal Communication Network" must be assigned to the same Virtual System on different cluster members
  • The same IP addresses from VSX "Internal Communication Network" can be assigned to interfaces that belong to different Virtual Systems

Solution
Note: To view this solution you need to Sign In .