cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Checkpoint Standby Cluster is using VIP to communicate with outside

Hello Guys,

We have a checkpoint 15400 appliance clustered and we are having an issue with the standby cluster member.

  • We cannot ping our default gateway from the standby member but we can ping the same with our active member.

We noticed that our standby cluster member is using the virtual IP to communicate with outside instead of its own IP

Note: This issue started yesterday earlier it was working fine .

Any way to resolve this?

Thanks in advance.

5 Replies

Re: Checkpoint Standby Cluster is using VIP to communicate with outside

I would suggest to try fwha_forw_packet_to_not_active, a magical parameter:

Problem accessing standby cluster member from non-local network 

Try with just entering # fw ctl set int fwha_forw_packet_to_not_active 1 on both nodes, and if it hepls, enable on permanent basis in fwkern.conf.

Re: Checkpoint Standby Cluster is using VIP to communicate with outside

Hey did that in the first place didn't workout. Any other suggestions?

0 Kudos

Re: Checkpoint Standby Cluster is using VIP to communicate with outside

Re: Checkpoint Standby Cluster is using VIP to communicate with outside

Thank you for replying Aleksei mentioned the same discussion article so i checked it but it didn't work.

0 Kudos
Mike_A
Copper

Re: Checkpoint Standby Cluster is using VIP to communicate with outside

Does this issue have to do with your NAT configuration? Are you NAT'ing everything behind the cluster address as it is being sent out to the internet? Also here is another SK sk107432

0 Kudos