This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Scott_Paisley
Advisor
‎2024-08-05 03:28 AM

Cloudguard cluster VPN termination fails after patching

This is a follow on from a previous question about Linux agent versions

We have several cloudguard clusters in Azure. We have VPN tunnels to each of them from various on-prem gateways, and also between them.

When we patch the gateways, they obviously reboot.

Several times now we have found that after patching, the VPN tunnels fail from one set of gateways (always a different set) to one of the gateways in the cluster. failing over the cluster restores service.

The solution so far has been to redeploy the failing gateway onto a different Azure host.

Has anyone else seen similar behaviour?

We are using our IP space advertised by Microsoft fro each gateway. Could that we relevant?

Thanks

0 Kudos
2 Replies
Jeff_Engel
Employee
Employee
‎2024-08-05 01:40 PM

Hi @Scott_Paisley 

Just to clarify, you mention "failing over the cluster restores service" but then you also mention that you need to redeploy the failing gateway onto a different Azure host. 

Are you saying that if you fail back to the other cluster member in Azure it still does not re-establish the VPN tunnel until completely redeployed?

BR!

Jeff

0 Kudos
Scott_Paisley
Advisor
‎2024-08-05 01:47 PM
In response to Jeff_Engel

Yes. It seems that after patching one of the gateways in the cluster ends up on a 'bad' host. If we fail over the cluster to the other gateway service is restored. If we fail back to the original gateway on the original host we lose service again. Redploying the bad gateway to a new host restores service again.

We have seen this behaviour 3 times now, with 2 different clusters in 2 different subscriptions

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events