When trying to change domain id, the error message "%CONF-ERR: Invalid value" is returned. This article presents a way to change domain id on a circuit. An attempt to modify the domain for an already existing circuit returns the CLI error
"Updating domain is not allowed" as shown below.
CBS# configure circuit test
CBS# configure circuit test domain 100 %CONF-ERR: Invalid value
Detail: Unable to execute task: Updating domain is not allowed
By default, when a new circuit is created, XOS assigns that circuit to domain 1. Optionally, you can use the domain parameter to assign a different domain to the circuit that you are configuring. It is not possible to update the domain of an already existing circuit.
To change domain for an existing circuit, you must remove the circuit and recreate it again with the desired domain value. Before removing the circuit, it is necessary to remove any existing references to that circuit in the CLI configuration (interface/group-interface, VRRP virtual router, or static routes).
CBS# configure no circuit test
CBS# configure circuit test domain 100 CBS(conf-cct)#
If the VAP group affected by the circuit domain ID change runs a Check Point Firewall application, you will need to at least run
cpstop ; cpstart after re-adding the modified circuit(s).
Another option is to reload the affected VAP group.
Check Point Clustering is unaware of the existence of the circuits from the time of deletion. Running the
"cphaprob -a if" command will not show these interfaces any more after re-adding them in CLI without at least running
cpstop ; cpstart.
Imported Document ID: 000019162
Subscribing will provide email updates when this Article is updated. Login is required.