https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/126942#M572 <P>Hello CheckMates,</P><P>We have a Maestro Dual Site / Dual Orchestrator (2 MHOs - 2 MHOs) new deployment with R80.20SP (MHO) and R80.30SP (SGM) software versions. Only 1 SG is configured and installed as VSX/VSLS.<BR />Site1 looks fine, Chassis 1 ACTIVE and SGMs are both ACTIVE as well, but Site2 Chassis 2 DOWN and SGMs are both LOST <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span><BR />The only one SG consists of the Site1 SGMs currently, but Site2 SGMs are not in the group and not even FTW ran on them. Cabling and port types and amounts and IDs and ssm_sync and site_sync and magg are okay in my opinion.</P><P>As a reference sk168092 <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168092&amp;partition=Basic&amp;product=Quantum" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168092&amp;partition=Basic&amp;product=Quantum</A><BR />Scenario #2 is the relevant deployment.</P><P>At the bottom of the website:<BR />Testing Dual-Site infrastructure<BR />Connectivity between Orchestrators at different sites:</P><P>From MHO1_1 ping MHO 2_1: ping 203.0.113.15<BR />From MHO1_2 ping MHO 2_2: ping 203.0.113.16<BR />If there is no ping, check VLANs 3951 and 3952 accordingly</P><P>Connectivity between Orchestrators at the same site:<BR />From MHO1_1 ping MHO1_2: ping 192.0.2.2<BR />From MHO2_1 ping MHO2_2: ping 192.0.2.16<BR />If there is no ping, check the Sync cable between Orchestrators within the same site.</P><P>Connectivity between SGMs (appliances)<BR />From SGM1_1 ping SGM2_1 on sync network: ping 192.0.2.15<BR />If there is no ping, check VLANs 3600 and 3601.</P><P>All ICMP test are okay!</P><P>I detached all the Site2 SGMs from the SG and attached again, all appliances were restarted, but the issue is the same and I'm stucked at this point.<BR />There is an open SR regarding this with more info shared, but no progress yet.</P><P>site_sync connected switch port config:<BR />interface Ethernetx/xx<BR />description site_sync<BR />switchport<BR />switchport mode dot1q-tunnel<BR />switchport access vlan xx<BR />spanning-tree bpdufilter enable<BR />mtu 9216<BR />storm-control broadcast level 2.00<BR />storm-control action trap<BR />no shutdown</P><P>Maestros, do you have any idea, good advice or what to check? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Thank you in advance!</P> Fri, 13 Aug 2021 13:57:01 GMT Garbo 2021-08-13T13:57:01Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/126942#M572 <P>Hello CheckMates,</P><P>We have a Maestro Dual Site / Dual Orchestrator (2 MHOs - 2 MHOs) new deployment with R80.20SP (MHO) and R80.30SP (SGM) software versions. Only 1 SG is configured and installed as VSX/VSLS.<BR />Site1 looks fine, Chassis 1 ACTIVE and SGMs are both ACTIVE as well, but Site2 Chassis 2 DOWN and SGMs are both LOST <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span><BR />The only one SG consists of the Site1 SGMs currently, but Site2 SGMs are not in the group and not even FTW ran on them. Cabling and port types and amounts and IDs and ssm_sync and site_sync and magg are okay in my opinion.</P><P>As a reference sk168092 <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168092&amp;partition=Basic&amp;product=Quantum" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk168092&amp;partition=Basic&amp;product=Quantum</A><BR />Scenario #2 is the relevant deployment.</P><P>At the bottom of the website:<BR />Testing Dual-Site infrastructure<BR />Connectivity between Orchestrators at different sites:</P><P>From MHO1_1 ping MHO 2_1: ping 203.0.113.15<BR />From MHO1_2 ping MHO 2_2: ping 203.0.113.16<BR />If there is no ping, check VLANs 3951 and 3952 accordingly</P><P>Connectivity between Orchestrators at the same site:<BR />From MHO1_1 ping MHO1_2: ping 192.0.2.2<BR />From MHO2_1 ping MHO2_2: ping 192.0.2.16<BR />If there is no ping, check the Sync cable between Orchestrators within the same site.</P><P>Connectivity between SGMs (appliances)<BR />From SGM1_1 ping SGM2_1 on sync network: ping 192.0.2.15<BR />If there is no ping, check VLANs 3600 and 3601.</P><P>All ICMP test are okay!</P><P>I detached all the Site2 SGMs from the SG and attached again, all appliances were restarted, but the issue is the same and I'm stucked at this point.<BR />There is an open SR regarding this with more info shared, but no progress yet.</P><P>site_sync connected switch port config:<BR />interface Ethernetx/xx<BR />description site_sync<BR />switchport<BR />switchport mode dot1q-tunnel<BR />switchport access vlan xx<BR />spanning-tree bpdufilter enable<BR />mtu 9216<BR />storm-control broadcast level 2.00<BR />storm-control action trap<BR />no shutdown</P><P>Maestros, do you have any idea, good advice or what to check? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Thank you in advance!</P> Fri, 13 Aug 2021 13:57:01 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/126942#M572 Garbo 2021-08-13T13:57:01Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/139615#M762 <P>Hello Garbo, than you for share switch's configuration. Can you share also the Inter-site link configuration?<BR /><BR /><SPAN>MHO 1 &lt;---&gt; SW1 &lt;-------Inter-site link-------&gt;SW2&lt;---&gt;MHO2</SPAN></P><P>My ICMP test isn´t OK</P><P>Thank you!</P> Wed, 26 Jan 2022 18:43:26 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/139615#M762 Fernando_Lopez 2022-01-26T18:43:26Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/139637#M763 <P>Typically QinQ support is required on this link, which version are the MHO/SGMs in your deployment?</P> <P>R81.10 provides some flexibility here that you may wish to discuss with TAC otherwise.</P> Wed, 26 Jan 2022 23:07:20 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Maestro-Dual-Site-Dual-Orchestrator-Deployment-Site2-SGMs-LOST/m-p/139637#M763 Chris_Atkinson 2022-01-26T23:07:20Z