Support Center > Search Results > SecureKnowledge Details
Dynamic Object 'LocalMachine_All_Interfaces' on ROBO gateway does not include all the interfaces that were configured in SmartProvisioning GUI
Symptoms
  • Traffic sent to the ROBO device is not accepted correctly on all interfaces that were confgiured in the SmartProvisioning GUI.

    Example:

    SSH connection is not accepted on all interfaces of a ROBO device even when the following security rule was installed on a ROBO device:

    Source = Any
    Destination = LocalMachine_All_Interfaces
    Service = ssh
    Action = Accept
  • Output of 'dynamic_objects -l' command on the ROBO device does not show interfaces that were configured in the SmartProvisioning GUI - output shows only interfaces that were configured in the 'cpconfig' menu - 'ROBO interfaces'.

  • Traffic sent to the ROBO device is accepted as expected only when adding all relevant interfaces locally in the 'cpconfig' menu - 'ROBO interfaces':

    1. Connect to command line on a ROBO device
    2. Run 'cpconfig' command - select 'ROBO interfaces'
    3. Add all the relevant interfaces of the ROBO device
    4. Define the relevant dynamic objects using the 'dynamic_objects -a' command
  • However:

    • When configuring the interfaces locally via 'cpconfig' menu, the interfaces are configured with IP ranges and not with single IP addresses.

      Example output of 'dynamic_objects -l' command:
      object name : LocalMachine_All_Interfaces 
      range 0 : 10.10.10.0 10.10.10.255 
      range 1 : 172.30.16.0 172.30.16.222 
      range 2 : 192.168.0.0 192.168.0.255
      
    • When changing the configuration of ROBO device from Centrally Managed to Locally Managed, the configuration of interfaces changes from IP ranges to single IP addresses:

      [Expert@HostName]# LSMenabler -r -DynObj=local on

      Example output of 'dynamic_objects -l' command:
      object name : LocalMachine_All_Interfaces 
      range 0 : 10.10.10.1 10.10.10.1 
      range 1 : 172.30.16.222 172.30.16.222 
      range 2 : 192.168.0.1 192.168.0.1
      
Solution
Note: To view this solution you need to Sign In .