This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2020-01-31 04:02 PM

Azure Cluster Issue

I am use a R80.30 Azure Cluster!

The cluster does not move to the second gateway in case of error.

When I start the following script, I get an error (see picture).

# $FWDIR/scripts/azure_ha_test.py

Azure.JPG

And a few minutes later everything is shown as successful.

Azure2.JPG

Even if everything is displayed correctly, the cluster will not work properly. As soon as the active gateway changes status, the routes in azure are not modified. Therefore no packets are forwarded.

What can I do here?
Or should I open a TAC case!

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-02-01 07:24 PM

Heiko,

Does the failover occur if you wait (takes a long time) or not at all and how are you triggering the failover test?

Consulting TAC may well be the path to resolution.

Regards,

Chris

CCSM R77/R80/ELITE
0 Kudos
Roman_Kats
Employee
Employee
‎2020-02-02 12:21 AM

Hi Heiko,

Could you open a TAC case for this issue?

Thanks

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2020-02-02 01:36 AM
In response to Roman_Kats

Yes, I'll do it on Monday.

Thanks

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Martin_Valenta
Advisor
‎2020-02-02 11:28 PM

Why still cluster, why not to use scale sets?
0 Kudos
mdjmcnally
Advisor
‎2020-02-03 12:04 AM

Quick Question but why with R80.30 would the routes need to update.

Whenever deployed even since R80.20 then has used the Front End Load Balancer with a HealthCheck to fail over the inbound and you point the UDR for the Subnets at the Back End Load Balancer, so that they don't need to update.

As such the Health Check on the Load Balancers is what controls the failover in the current images.

The Load Balancers perform a HealthCheck against the two Firewalls Interface IP but only the Active Cluster Member responds so the Load Balancer sends the traffic to the IP that responds, it doesn't need to reconfigure.

UDR routes point at the Back End Load Balancer that does the same Health Check but the IP of the Back End Load Balancer doesn't change so the Routes in the UDR don't need to update.

Apologies if misunderstood your post.

0 Kudos
Matthias_Haas
Advisor
‎2020-02-03 02:24 AM
In response to mdjmcnally

I agree with mdjmcnally.

you may check which template version you are running:

cat /etc/in-azure

If its below "20180301" then no internal/backend loadbalancer was used, I believe, see sk122793 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events