https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/122171#M17480 <P>If Router-id is not configured as Cluster IP then LSA on peer device are not updated. I could see router LSA with unreachable metric as soon as I changed the router-id to Cluster IP, it is working fine.&nbsp;</P> Fri, 25 Jun 2021 12:26:21 GMT vinodsh 2021-06-25T12:26:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19748#M1521 <HTML><HEAD></HEAD><BODY><P>Hi Team.</P><P>I have a question about OSPF work in HA pair (R80.10).</P><P>Do I need configure graceful restart or other special settings for seamless failover?</P><P>I tested failover scenario and&nbsp;after I disable current active<SPAN>&nbsp;member with clusterxl admin down new active member stopped forwarding traffic because&nbsp;of lack of routing information</SPAN></P></BODY></HTML> Thu, 16 Aug 2018 17:08:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19748#M1521 Dmitry_Barantse 2018-08-16T17:08:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19749#M1522 <HTML><HEAD></HEAD><BODY><P>As far as I know, you do not need Graceful Restart unless you are using VRRP.</P><P>With regular ClusterXL, routing information should sync between cluster members.</P><P>The router-id should be configured as the Cluster IP, though.</P><P>See also:&nbsp;<A class="" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95968" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95968">OSPF on Gaia</A>&nbsp;</P></BODY></HTML> Fri, 17 Aug 2018 01:30:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19749#M1522 PhoneBoy 2018-08-17T01:30:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19750#M1523 <HTML><HEAD></HEAD><BODY><P>It looks like OSPF synchronization is not working for you.&nbsp;</P><P></P><P>It is done on TCP port 2010. You can start troubleshooting with this SK:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk62570&amp;partition=Advanced&amp;product=ClusterXL,#FIBMGR" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk62570&amp;partition=Advanced&amp;product=ClusterXL,#FIBMGR">How to troubleshoot failovers in ClusterXL - Advanced Guide</A>&nbsp;</P><P></P><P>Some additional recommendations concerning FW rules you may need to put in place are here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk31243" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk31243">ClusterXL member is "Down" due to Critical device "FIB"</A>&nbsp;Mind this SK is not directly applicable to your case, but the FW rules mentioned there are.</P></BODY></HTML> Fri, 17 Aug 2018 07:56:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/19750#M1523 _Val_ 2018-08-17T07:56:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/122171#M17480 <P>If Router-id is not configured as Cluster IP then LSA on peer device are not updated. I could see router LSA with unreachable metric as soon as I changed the router-id to Cluster IP, it is working fine.&nbsp;</P> Fri, 25 Jun 2021 12:26:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-OSPF/m-p/122171#M17480 vinodsh 2021-06-25T12:26:21Z