Management on Cluster-XL

EspenH — Sat, 23 May 2020 12:41:10 GMT

I am running a Checkpoint FW XL cluster with two physical appliances. Version R80.30 with take 191.

I have an issue with the secondary node. I can not reach it on HTTPS on the management port. I can reach it fine with SSH. But SSH gives a Connection Refused. If primary node is down I can reach with HTTPS. So no routing error. I can see the packet accepts in the firewall log. Also if use a server in the same subnet as the firewall I will reach it through https..

I use an inline vlan as management port, and I have defined it as mgmt in Checkpoint GAIA.

The physical mgmt port is not in use, and its not possible to use.

Anyone have any tips?

Re: Management on Cluster-XL

Timothy_Hall — Sat, 23 May 2020 19:31:04 GMT

Which interface address on the standby node are you using for your HTTPS/SSH connection? You need to use the interface IP address that is "facing" or closest to where you are initiating the connection from. Trying to use an interface address that is not facing you for direct HTTPS/SSH connections to the standby will result in asymmetric traffic through the cluster and not usually work.

topic Re: Management on Cluster-XL in Firewall and Security Management

Management on Cluster-XL

Re: Management on Cluster-XL