This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Corey_Clark
Explorer
‎2022-08-19 01:16 PM

R80.40 Cluster on Hyper-V

Has anyone see issues with the standby firewall communicating through active as it should when installedin Hyper-V.  I have seen this in at least 3 different clusters so far.  Traffic is seen leaving standby on sync interface, but never appears to never arrive at the active firewall. 

Thanks,

Corey  

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-08-19 10:00 PM

Hi Corey,

Not aware of a Hyper-V specific behaviour myself but that doesn't mean there isn't something unique there.

Meanwhile take a look at sk169154 and see if it assists with your situation (may also require a CCP tweak in consultation with TAC).

Refer also: sk167453

CCSM R77/R80/ELITE
0 Kudos
Gary_Scott
Contributor
‎2022-08-22 06:32 AM
In response to Chris_Atkinson

I think this is due to hyper-V rejecting forged transmits. For a work around running fw ctl set int fwha_cluster_hide_active_only 0 per sk169154 does send the traffic out of the ext interface instead of the sync and with a no NAT rule for the cluster members traffic from the secondary now works. How can this be set to survive a reboot, fwkern.conf file with fw ctl set int fwha_cluster_hide_active_only 0 does not apply this parameter upon a reboot. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-22 06:50 AM
In response to Gary_Scott

Did you configure it like below or something else?

fwha_cluster_hide_active_only=0

CCSM R77/R80/ELITE
0 Kudos
Gary_Scott
Contributor
‎2022-08-22 07:01 AM
In response to Chris_Atkinson

Something else,  "fw ctl set -f int fwha_cluster_hide_active_only 0" used sk16202 as a reference. Just tried "fwha_cluster_hide_active_only=0" and that worked. Thank you! 

0 Kudos
Corey_Clark
Explorer
‎2022-08-22 06:56 AM
In response to Chris_Atkinson

That would be my next step, just wanted to see if anyone else had experienced this behavior on hyper-v installations.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-22 07:10 AM
In response to Corey_Clark

Understood, seems Gary is testing for you. 😉

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events