
Management on Cluster-XL

Hi

I am running a Checkpoint FW XL cluster with two physical appliances. Version R80.30 with take 191.

I have an issue with the secondary node. I cannot reach it on HTTPS on the management port. I can reach it fine with SSH. But SSH gives a Connection Refused. If the primary node is down I can reach it with HTTPS. So no routing error. I can see the packet accepts in the firewall log. Also, if I use a server in the same subnet as the firewall, I can reach it through HTTPS.

I use an inline vlan as management port, and I have defined it as mgmt in Checkpoint GAIA.

The physical mgmt port is not in use, and it's not possible to use.

Anyone have any tips?

0 Kudos
1 Reply

Re: Management on Cluster-XL

Which interface address on the standby node are you using for your HTTPS/SSH connection? You need to use the interface IP address that is "facing" or closest to where you are initiating the connection from. Trying to use an interface address that is not facing you for direct HTTPS/SSH connections to the standby will result in asymmetric traffic through the cluster and will not usually work.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos