https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22973#M1751 <HTML><HEAD></HEAD><BODY><P>Hello, can you help me? We have the following problem.<BR />The client has an Active/Standby cluster.</P><P></P><P>When I turn off the active node, the standby normally takes over the environment.<BR />With this action, the gateways switch function.</P><P>The node that was active becomes standby and the standby is active.</P><P></P><P>So far, no problem.</P><P><BR />The problem occurs when I unplug the node that was previously standby and became active.</P><P>At that point, users' Internet access stops happening.<BR />When applying policy, how the connections are reestablished.</P><P></P><P>Some information:</P><P>1. In the log, the connections appear as Accept;<BR />2. If a user accesses a banned site, the banned access page is displayed;<BR />3. External publications work smoothly;<BR />4. It is possible to ping in stations that do not navigate.<BR />5. Servers that are in the DMZ do not face the problem.</P><P><BR />I created a rule above the web filtering rule and this host does not face the problem.<BR />Apparently the problem has to do with user sessions.</P><P></P><P>[Expert@gw01:0]# cphaprob stat</P><P>Cluster Mode: High Availability (Active Up) with IGMP Membership</P><P>Number Unique Address Assigned Load State</P><P>1 10.255.1.18 100% Active<BR />2 (local) 10.255.1.17 0% Standby</P><P>Local member is in current state since Tue Aug 28 14:15:10 2018</P><P></P><P>[Expert@gw02:0]# cphaprob stat</P><P>Cluster Mode: High Availability (Active Up) with IGMP Membership</P><P>Number Unique Address Assigned Load State</P><P>1 (local) 10.255.1.18 100% Active<BR />2 10.255.1.17 0% Standby</P><P>Local member is in current state since Tue Aug 28 12:12:54 2018</P><P></P><P>Thank You</P></BODY></HTML> Tue, 28 Aug 2018 17:45:59 GMT Carlos_Silva 2018-08-28T17:45:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22973#M1751 <HTML><HEAD></HEAD><BODY><P>Hello, can you help me? We have the following problem.<BR />The client has an Active/Standby cluster.</P><P></P><P>When I turn off the active node, the standby normally takes over the environment.<BR />With this action, the gateways switch function.</P><P>The node that was active becomes standby and the standby is active.</P><P></P><P>So far, no problem.</P><P><BR />The problem occurs when I unplug the node that was previously standby and became active.</P><P>At that point, users' Internet access stops happening.<BR />When applying policy, how the connections are reestablished.</P><P></P><P>Some information:</P><P>1. In the log, the connections appear as Accept;<BR />2. If a user accesses a banned site, the banned access page is displayed;<BR />3. External publications work smoothly;<BR />4. It is possible to ping in stations that do not navigate.<BR />5. Servers that are in the DMZ do not face the problem.</P><P><BR />I created a rule above the web filtering rule and this host does not face the problem.<BR />Apparently the problem has to do with user sessions.</P><P></P><P>[Expert@gw01:0]# cphaprob stat</P><P>Cluster Mode: High Availability (Active Up) with IGMP Membership</P><P>Number Unique Address Assigned Load State</P><P>1 10.255.1.18 100% Active<BR />2 (local) 10.255.1.17 0% Standby</P><P>Local member is in current state since Tue Aug 28 14:15:10 2018</P><P></P><P>[Expert@gw02:0]# cphaprob stat</P><P>Cluster Mode: High Availability (Active Up) with IGMP Membership</P><P>Number Unique Address Assigned Load State</P><P>1 (local) 10.255.1.18 100% Active<BR />2 10.255.1.17 0% Standby</P><P>Local member is in current state since Tue Aug 28 12:12:54 2018</P><P></P><P>Thank You</P></BODY></HTML> Tue, 28 Aug 2018 17:45:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22973#M1751 Carlos_Silva 2018-08-28T17:45:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22974#M1752 <HTML><HEAD></HEAD><BODY><P>You didn't mention the version/patch level of the gateway, which is almost always a relevant detail.</P><P>It also seems like you're using App Control/URL Filtering, but did not explicitly state this.&nbsp;</P><P></P><P>I would open&nbsp;a TAC case and have them investigate in more detail.</P></BODY></HTML> Tue, 28 Aug 2018 23:17:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22974#M1752 PhoneBoy 2018-08-28T23:17:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22975#M1753 <HTML><HEAD></HEAD><BODY><P>Dameon, thank you!</P></BODY></HTML> Thu, 30 Aug 2018 23:49:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Connections-after-cluster-failure-test/m-p/22975#M1753 Carlos_Silva 2018-08-30T23:49:00Z