Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
flachance
Advisor
Jump to solution

after upgrade cluster member shows as disconnected

We performed a side by side Azure Cloudguard cluster upgrade. Old cluster was R80.40, new one R81.10

 

After the upgrade in SmartConsole one of the member shows as if disconnected, but we can reach it and push policy to it. Also in the recommended Jumbo column it shows old R80.40 info.

Not seeing blocked or dropped traffic to it. Any suggestions?

Capture.JPG

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

Is there a VPN involved?

Have you reviewed sk163076 & sk166495?

Otherwise if the problem persists with a more recent JHF version installed please investigate the issue further with TAC.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
7 Replies
the_rock
Legend
Legend

Never seen that on Azure, but on prem fw and once it got rebooted again, all was fine. Cant really say for sure what would cause it, specially since its a clusster. if you run fw ver or cpinfo -y FW1, does it show correct version/jumbo?

 

0 Kudos
flachance
Advisor

We've rebooted a few times and no changes.

fw ver 

This is Check Point's software version R81.10 - Build 006

cpinfo -y FW1

This is Check Point CPinfo Build 914000219 for GAIA
[FW1]
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE
HOTFIX_R81_10_JUMBO_HF_MAIN Take: 30

FW1 build number:
This is Check Point's software version R81.10 - Build 006
kernel: R81.10 - Build 008

0 Kudos
the_rock
Legend
Legend

K, fair enough. What does it say if you hover the mouse over red X sign?

Andy

0 Kudos
flachance
Advisor

Connection with 'atIcGw2' is lost

0 Kudos
the_rock
Legend
Legend

K, just an idea. I know this is never recommended during the work hours, but since its broken anyway, are you able to unload policy on it, just to be 100% sure its nothing with policy causing it? Also, Im sure SIC works, as you said you could push policy to it after the upgrade. What does cpwd_admin list show?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Is there a VPN involved?

Have you reviewed sk163076 & sk166495?

Otherwise if the problem persists with a more recent JHF version installed please investigate the issue further with TAC.

CCSM R77/R80/ELITE
0 Kudos
flachance
Advisor

sk163076 (rebooting the management server) fixed it. Thanks!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.