Subscribe to the Blog

Get articles sent directly to your inbox.

This is a real life sample alert from the Indeni Check Point Firewalls Configuration Guide to Alerts

Description:

ClusterXL’s protocol (CCP) uses pre-set MAC addresses that by default are the same across all clusters. If you connect two different clusters to the same network segment, their traffic may conflict. This can result in odd behavior on both the cluster members and the switching equipment. This device is connected to core-switch-1 (10.12.101.1) and is using the same magic MAC address as flnj-fw1 (10.10.11.1). Note that indeni monitors the data on the switch to issue this alert as the conflict is not visible from the firewalls themselves.

indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.

Manual Remediation Steps:

Follow SK25977.

How does this alert work?

indeni monitors the switches’ stats to identify when the magic MAC appears to be “hopping” or “flapping” between two physical ports. Once this is identified, indeni pulls the physical MAC addresses listed on those ports and crosses them with the Check Point firewalls currently monitored.

Interested in learning more? Download for free the official Indeni guide to Preemptive Maintenance of Check Point Firewalls.

BlueCat acquires Indeni to boost its industry-leading DNS, DHCP and IP address management platform to help customers proactively assess network health and prevent outages.