Symptoms:
One of the cluster members shows a problem state. It always happened on the standby member. Digging deeper, you will find that some of the cluster member's interfaces show as down or partially up, although the physical interfaces are up and connected properly.
Related post: https://www.51sec.org/2016/01/24/configuring-checkpoint-gateway-forwarding-logs-to-external-syslog-server/
Log in to the command line on the primary member:
[Expert@CP1]# cphaprob stat
Cluster Mode: New High Availability (Active Up)
with IGMP Membership
Number Unique Address Assigned Load State
1 (local) 1.1.1.1 100% Active
2 1.1.1.2 0% Down
On the standby Check Point member:
[Expert@CP2]# cphaprob stat
Cluster Mode: New High Availability (Active Up)
with IGMP Membership
Number Unique Address Assigned Load State
1 1.1.1.1 100% Active
2 (local) 1.1.1.2 0% Down
[Expert@CP2]# cphaprob -i list
Built-in Devices:
Device Name: Interface Active Check
Current state: problem
Device Name: HA Initialization
Current state: OK
Registered Devices:
Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 93466.5 sec
Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 93439.2 sec
Device Name: cphad
Registration number: 2
Timeout: 2 sec
Current state: OK
Time since last report: 0.2 sec
Device Name: fwd
Registration number: 3
Timeout: 2 sec
Current state: OK
Time since last report: 0.2 sec
[Expert@CP2]# cphaprob -a if
Required interfaces: 4
Required secured interfaces: 1
DMZ UP non sync(non secured), multicast
Internal Inbound: DOWN (10.9 secs) Outbound: DOWN (88822.4 secs) non sync(non secured), multicast
Lan1 UP sync(secured), multicast
External Inbound: DOWN (88822.4 secs) Outbound: DOWN (89001.8 secs) non sync(non secured), multicast
Virtual cluster interfaces: 3
DMZ 100.9.2.30
Internal 100.9.40.1
External 100.9.38.20
Solution:
Change the cluster (CCP) mode from multicast to broadcast. From the command line, the command is "cphaconf set_ccp broadcast". This change does not require a system reboot or cpstop/cpstart, and it survives a reboot.
[Expert@CP1]# cphaconf set_ccp broadcast
[Expert@CP1]# cphaprob -a if
Required interfaces: 4
Required secured interfaces: 1
DMZ UP non sync(non secured), broadcast
Internal UP non sync(non secured), broadcast
Lan1 UP sync(secured), broadcast
External UP non sync(non secured), broadcast
Virtual cluster interfaces: 3
DMZ 10.99.2.30
Internal 10.99.140.1
External 10.99.138.20
[Expert@CP1]# cphaprob stat
Cluster Mode: New High Availability (Active Up)
with IGMP Membership
Number Unique Address Assigned Load State
1 (local) 1.1.1.1 100% Active
2 1.1.1.2 0% Standby
[Expert@CP2]# cphaconf set_ccp broadcast
[Expert@CP2]# cphaprob stat
Cluster Mode: New High Availability (Active Up)
with IGMP Membership
Number Unique Address Assigned Load State
1 1.1.1.1 100% Active
2 (local) 1.1.1.2 0% Standby
[Expert@CP2]# cphaprob -a if
Required interfaces: 4
Required secured interfaces: 1
DMZ UP non sync(non secured), broadcast
Internal UP non sync(non secured), broadcast
Lan1 UP sync(secured), broadcast
External UP non sync(non secured), broadcast
Virtual cluster interfaces: 3
DMZ 100.9.2.30
Internal 100.9.40.1
External 100.9.38.20
Note: To softly switch cluster state between cluster members, use the command "clusterXL_admin <up|down> [-p]":
[Expert@CP]# clusterXL_admin up
Setting member to normal operation ...
Member current state is Standby
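The symptom check above can be scripted for monitoring. The following is an added example, not part of the original post: it parses "cphaprob -a if" output and lists every interface reporting DOWN together with its CCP mode. It assumes the output layout shown in the listings above; the function names are hypothetical and the sample is built from the CP2 output quoted in this post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes "cphaprob -a if" output
# is laid out as in the listings above: "Required ..." counters, one line per
# interface ending in the CCP mode, then the "Virtual cluster interfaces" list.

# Reads "cphaprob -a if" output on stdin; prints "<interface> <ccp-mode>" for
# every interface reporting DOWN in either direction.
ccp_down_ifaces() {
    awk '
        $1 == "Virtual" { vips = 1 }                 # VIP list starts here
        vips || $1 == "Required" || NF < 3 { next }  # skip counters, VIPs, blanks
        {
            for (i = 2; i <= NF; i++)
                if ($i == "DOWN") { print $1, $NF; break }
        }
    '
}

# Exit status 0 when the symptom from this post is present: at least one
# interface DOWN while CCP is still in multicast mode.
ccp_multicast_symptom() {
    ccp_down_ifaces | grep ' multicast$' >/dev/null
}

# Constructed sample: the standby member (CP2) output quoted in this post.
sample_before() {
    cat <<'EOF'
Required interfaces: 4
Required secured interfaces: 1
DMZ UP non sync(non secured), multicast
Internal Inbound: DOWN (10.9 secs) Outbound: DOWN (88822.4 secs) non sync(non secured), multicast
Lan1 UP sync(secured), multicast
External Inbound: DOWN (88822.4 secs) Outbound: DOWN (89001.8 secs) non sync(non secured), multicast
Virtual cluster interfaces: 3
DMZ 100.9.2.30
Internal 100.9.40.1
External 100.9.38.20
EOF
}

# Demo on the sample; on a gateway use: cphaprob -a if | ccp_down_ifaces
sample_before | ccp_down_ifaces
if sample_before | ccp_multicast_symptom; then
    echo "interfaces DOWN with CCP in multicast: candidate for cphaconf set_ccp broadcast"
fi
```

An interface that is only partially up (DOWN in one direction) is reported the same way as one that is DOWN in both.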