topic ISP redunancy issue. in Hyperscale Firewall (Maestro) https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/ISP-redunancy-issue/m-p/158904#M1704 <P>Hi,</P><P>- We are having 44k device, where isp redundancy is enabled.</P><P>- R80.20 SP GAIA OS.</P><P>ch02-02 &gt; cphaprob stat</P><P>Cluster Mode: HA Over LS</P><P>ID Unique Address Assigned Load State Name</P><P>1 192.0.*.* 33% ACTIVE FW-ch01-01<BR />2 192.0.*.2 33% ACTIVE FW-ch01-02<BR />3 192.0.*.3 33% ACTIVE FW-ch01-03<BR />15 192.0.*.15 33% ACTIVE FW-ch02-01<BR />16 (local) 192.0.*.16 33% ACTIVE FW-ch02-02<BR />17 192.0.*.* 33% ACTIVE FW-ch02-03</P><P><BR />Active PNOTEs: None</P><P>&nbsp;</P><P>- cpstat fw shows isp redundnacy is proper</P><P>&nbsp;</P><P>ISP link table<BR />---------------------<BR />|Name|Status|Role |<BR />---------------------<BR />|NKN |OK |Primary|&nbsp; ----&gt; works well (eth1-02)<BR />|BSNL|OK |Backup | ----&gt; does not work.(eth1-01)</P><P>---------------------</P><P>- All configuration seems fine, but the traffic through secondary link(BSNL) doesnot work.</P><P>&nbsp;</P><P>traffic initiating frim checkpoint firewall</P><P>-&nbsp;FW-ch02-02 &gt; ping -I eth1-01 8.8.8.8<BR />PING 8.8.8.8 (8.8.8.8) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.<BR />From 1**.2**.1**.**a icmp_seq=1 Destination Host Unreachable<BR />From 1**.2**.1**.**a icmp_seq=2 Destination Host Unreachable</P><P>&nbsp;</P><P>FW-ch02-02 &gt; ping -I eth1-01 1**.2**.1**.**b<BR />PING&nbsp;1**.2**.1**.**b (1**.2**.1**.**b) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.<BR />64 bytes from 1**.2**.1**.**b: icmp_seq=1 ttl=255 time=0.734 ms</P><P>&nbsp;</P><P>- but when secondary isp directly connected to laptop, internet reachability is fine.</P><P>C:\Users\RS&gt;tracert 8.8.8.8</P><P>Tracing route to dns.google [8.8.8.8]<BR />over a maximum of 30 hops:</P><P>1 &lt;1 ms &lt;1 ms &lt;1 ms 1**.2**.1**.**b<BR />2 1 ms 1 ms 1 ms 172.24.221.154<BR />3 * * * Request timed out.<BR />4 * * * Request timed out.<BR />5 11 ms 11 ms 11 ms 142.250.172.220<BR />6 12 ms 12 ms 12 ms 172.253.68.113<BR />7 14 ms 13 ms 13 ms 142.251.52.215<BR />8 12 ms 12 ms 12 ms dns.google [8.8.8.8]</P><P>&nbsp;</P><P>Let me know what else needs to be checked here.</P><P>Or anyone faced similar kind of issue previously.</P><P>&nbsp;</P><P>Regards</P><P>Shira</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 06 Oct 2022 13:35:51 GMT Shira 2022-10-06T13:35:51Z ISP redunancy issue. https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/ISP-redunancy-issue/m-p/158904#M1704 <P>Hi,</P><P>- We are having 44k device, where isp redundancy is enabled.</P><P>- R80.20 SP GAIA OS.</P><P>ch02-02 &gt; cphaprob stat</P><P>Cluster Mode: HA Over LS</P><P>ID Unique Address Assigned Load State Name</P><P>1 192.0.*.* 33% ACTIVE FW-ch01-01<BR />2 192.0.*.2 33% ACTIVE FW-ch01-02<BR />3 192.0.*.3 33% ACTIVE FW-ch01-03<BR />15 192.0.*.15 33% ACTIVE FW-ch02-01<BR />16 (local) 192.0.*.16 33% ACTIVE FW-ch02-02<BR />17 192.0.*.* 33% ACTIVE FW-ch02-03</P><P><BR />Active PNOTEs: None</P><P>&nbsp;</P><P>- cpstat fw shows isp redundnacy is proper</P><P>&nbsp;</P><P>ISP link table<BR />---------------------<BR />|Name|Status|Role |<BR />---------------------<BR />|NKN |OK |Primary|&nbsp; ----&gt; works well (eth1-02)<BR />|BSNL|OK |Backup | ----&gt; does not work.(eth1-01)</P><P>---------------------</P><P>- All configuration seems fine, but the traffic through secondary link(BSNL) doesnot work.</P><P>&nbsp;</P><P>traffic initiating frim checkpoint firewall</P><P>-&nbsp;FW-ch02-02 &gt; ping -I eth1-01 8.8.8.8<BR />PING 8.8.8.8 (8.8.8.8) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.<BR />From 1**.2**.1**.**a icmp_seq=1 Destination Host Unreachable<BR />From 1**.2**.1**.**a icmp_seq=2 Destination Host Unreachable</P><P>&nbsp;</P><P>FW-ch02-02 &gt; ping -I eth1-01 1**.2**.1**.**b<BR />PING&nbsp;1**.2**.1**.**b (1**.2**.1**.**b) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.<BR />64 bytes from 1**.2**.1**.**b: icmp_seq=1 ttl=255 time=0.734 ms</P><P>&nbsp;</P><P>- but when secondary isp directly connected to laptop, internet reachability is fine.</P><P>C:\Users\RS&gt;tracert 8.8.8.8</P><P>Tracing route to dns.google [8.8.8.8]<BR />over a maximum of 30 hops:</P><P>1 &lt;1 ms &lt;1 ms &lt;1 ms 1**.2**.1**.**b<BR />2 1 ms 1 ms 1 ms 172.24.221.154<BR />3 * * * Request timed out.<BR />4 * * * Request timed out.<BR />5 11 ms 11 ms 11 ms 142.250.172.220<BR />6 12 ms 12 ms 12 ms 172.253.68.113<BR />7 14 ms 13 ms 13 ms 142.251.52.215<BR />8 12 ms 12 ms 12 ms dns.google [8.8.8.8]</P><P>&nbsp;</P><P>Let me know what else needs to be checked here.</P><P>Or anyone faced similar kind of issue previously.</P><P>&nbsp;</P><P>Regards</P><P>Shira</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 06 Oct 2022 13:35:51 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/ISP-redunancy-issue/m-p/158904#M1704 Shira 2022-10-06T13:35:51Z Re: ISP redunancy issue. https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/ISP-redunancy-issue/m-p/158927#M1705 <P>What JHF are you on?<BR />ISP Redundancy isn't supported until JHF 305.<BR /><A href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk155832" target="_blank">https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk155832</A>&nbsp;</P> <P>On a separate note, R80.20SP will be End of Support in Feb 2023, so hopefully you are planning an upgrade in the near future.<BR /><BR /></P> Thu, 06 Oct 2022 16:27:25 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/ISP-redunancy-issue/m-p/158927#M1705 PhoneBoy 2022-10-06T16:27:25Z