[BC0004] How to configure DHCP Relay in a Cluster environment

Solution

Follow these steps:

  1. Connect with your web browser to Gaia Portal of the relevant Security Gateway / each Cluster member. 

  2. Make sure that 'View mode' is set to 'Advanced' (upper right corner). 

  3. Make sure that you acquire the configuration lock (icon on the top toolbar - near the 'Sign Out'). 

  4. Go to 'Advanced Routing' pane - go to 'DHCP Relay' section: 



  5. In the 'BOOTP/DHCP' section, click on 'Add' button - 'Add BOOTP / DHCP Relay' window opens: 



  6. In the 'Interface:' field, select the interface, through which the DHCP packets will be received from / sent to hosts on the network (in our example - eth2): 



  7. In the 'Primary Address:' field, enter the following IP address: 

    • On Security Gateway - enter the primary physical IP address that was configured on the selected interface (in our example - 20.20.20.11): 



    • On each Cluster member - enter the Cluster Virtual IP address that was configured on this interface in SmartDashboard in Cluster Topology. 

      Important Notes: 

      • This configuration applies to all Gaia OS versions - R75.40 and above. 

      • However, Cluster Virtual IP is not accepted correctly in R75.40, R75.40VS, R75.45, and R75.46 versions (this issue was fixed in R76). 

        For these versions:
        • Either contact Check Point Support to get a Hotfix to be able to configure Cluster Virtual IP address (as designed).
        • Or configure the physical IP address of the involved cluster interface (there is no negative impact).


      • Procedure for R75.40VS in VSX mode is described in sk89601 (applies to both Gateway and Cluster).


      To find the Cluster Virtual IP address, run the 'cphaprob -a if' command on the cluster members (in our example - 20.20.20.20):
      [Expert@HostName]# cphaprob -a if
      
      Required interfaces: 1
      Required secured interfaces: 0
      
      eth0       UP                    non sync(non secured), multicast
      eth2       UP                    non sync(non secured), multicast
      eth1       UP                    sync(secured), multicast
      
      Virtual cluster interfaces: 2
      
      eth0            192.168.204.20        
      eth2            20.20.20.20        
      
      [Expert@HostName]#
      


  8. In the 'Relays' section, click on 'Add' button - 'Add Relay' window opens: 



    • Enter the IP address of the DHCP Server, to which the DHCP packets from hosts will be forwarded/relayed (in our example - 192.168.204.3). 

    • Click 'OK'.



  9. Check the configuration in the 'Add BOOTP / DHCP Relay' window and click on 'Save' button:
    Based on our examples

    Security Gateway: 



    Cluster members: 

  10. The DHCP Relay configuration is added in the 'DHCP Relay' section:
    Based on our examples

    Security Gateway: 



    Cluster members: 

  11. You can also check the DHCP Relay configuration on the CLI: 

    • In Clish: 

      HostName> show bootp interfaces
      Based on our examples

      Security Gateway:
      BOOTP Relay Interfaces State
      Interface eth2
          Flags:
          Max Hopcount:        4
          Wait Time:           0
          Primary Address:     20.20.20.11
          Gateway Address:     20.20.20.11
          Relay To:            192.168.204.3
      
      Cluster members:
      BOOTP Relay Interfaces State
      Interface eth2
          Flags:
          Max Hopcount:        4
          Wait Time:           0
          Primary Address:     20.20.20.20
          Gateway Address:     20.20.20.20
          Relay To:            192.168.204.3
      
    • In Expert mode: 

      [Expert@HostName]# grep routed /config/db/initial | grep bootpgw
      Based on our examples

      Security Gateway:
      routed:instance:default:bootpgw:interface:eth2 t
      routed:instance:default:bootpgw:interface:eth2:relayto:host:192.168.204.3 t
      routed:instance:default:bootpgw:interface:eth2:primary 20.20.20.11
      
      Cluster members:
      routed:instance:default:bootpgw:interface:eth2 t
      routed:instance:default:bootpgw:interface:eth2:relayto:host:192.168.204.3 t
      routed:instance:default:bootpgw:interface:eth2:primary 20.20.20.20
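
Added example, not part of the original article: a small Bash check that compares the relay 'Primary Address' stored in the routed configuration with the Cluster Virtual IP reported by 'cphaprob -a if'. The function and variable names are hypothetical, and the sample text is the article's own example output embedded as variables; on a real cluster member, pass the live output of the two commands instead.

```bash
#!/bin/bash
# Added example (not from the article). Sample text is copied from the
# article's example output; function and variable names are hypothetical.
CPHAPROB_OUT='Required interfaces: 1
Required secured interfaces: 0

eth0       UP                    non sync(non secured), multicast
eth2       UP                    non sync(non secured), multicast
eth1       UP                    sync(secured), multicast

Virtual cluster interfaces: 2

eth0            192.168.204.20
eth2            20.20.20.20'
CLUSTER_DB='routed:instance:default:bootpgw:interface:eth2 t
routed:instance:default:bootpgw:interface:eth2:relayto:host:192.168.204.3 t
routed:instance:default:bootpgw:interface:eth2:primary 20.20.20.20'
GATEWAY_DB='routed:instance:default:bootpgw:interface:eth2 t
routed:instance:default:bootpgw:interface:eth2:relayto:host:192.168.204.3 t
routed:instance:default:bootpgw:interface:eth2:primary 20.20.20.11'

# Cluster Virtual IP of interface $1 in 'cphaprob -a if' output $2.
cluster_vip() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        /Virtual cluster interfaces:/ { seen = 1; next }
        seen && $1 == ifc && NF >= 2  { print $2; exit }'
}

# Relay Primary Address of interface $1 in the bootpgw lines $2.
relay_primary() {
    printf '%s\n' "$2" | awk \
        -v key="routed:instance:default:bootpgw:interface:$1:primary" \
        '$1 == key { print $2; exit }'
}

# Usage: check_relay_primary IFACE CPHAPROB_TEXT BOOTPGW_TEXT
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if data is missing.
check_relay_primary() {
    local vip primary
    vip=$(cluster_vip "$1" "$2")
    primary=$(relay_primary "$1" "$3")
    if [ -z "$vip" ] || [ -z "$primary" ]; then
        echo "UNKNOWN vip=${vip:-none} primary=${primary:-none}"; return 2
    fi
    if [ "$primary" = "$vip" ]; then echo "MATCH $primary"; return 0; fi
    # Expected on R75.40 - R75.46 when the physical-IP workaround is used.
    echo "MISMATCH primary=$primary vip=$vip"; return 1
}

check_relay_primary eth2 "$CPHAPROB_OUT" "$CLUSTER_DB"
```

A MISMATCH verdict on an R76 or later cluster member means the relay was configured with a physical address instead of the Cluster Virtual IP described in step 7.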
 
Article details
Article ID: 4
Category: Check Point
Publication date: 2013-08-18 00:08:35