This is a real life sample alert from the indeni Check Point Firewalls Configuration Guide to Alerts
ClusterXL’s protocol (CCP) uses pre-set MAC addresses that by default are the same across all clusters. If you connect two different clusters to the same network segment, their traffic may conflict. This can result in odd behavior on both the cluster members and the switching equipment. This device is connected to core-switch-1 (10.12.101.1) and is using the same magic MAC address as flnj-fw1 (10.10.11.1). Note that indeni monitors the data on the switch to issue this alert as the conflict is not visible from the firewalls themselves.
indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.
Manual Remediation Steps:
How does this alert work?
indeni monitors the switches’ stats to identify when the magic MAC appears to be “hopping” or “flapping” between two physical ports. Once this is identified, indeni pulls the physical MAC addresses listed on those ports and crosses them with the Check Point firewalls currently monitored.
Interested in learning more? Download for free the official indeni guide to Preemptive Maintenance of Check Point Firewalls. Just fill out the form below:[ninja_form id=5]