This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KnutG
Participant
‎2023-01-13 01:01 AM
Jump to solution

Logical server failover not working

We have a problem with Connectcontrol and logical server with 2 hosts. When we take down one of the hosts behind the logical server it seems like it doesnt know that the host is down and keeps sending traffic towards it, witch result in error at the clientside ofcourse.

Any tips is appreciated

Rgds

Knut

0 Kudos
1 Solution

Accepted Solutions
KnutG
Participant
‎2023-01-16 05:53 AM
In response to _Val_
Jump to solution

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

MicrosoftTeams-image (4).png

View solution in original post

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2023-01-13 10:21 AM
Jump to solution

Review the following SK for supported configurations: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
I believe this is expected behavior since we're not monitoring the remote server at all. 

(1)
KnutG
Participant
‎2023-01-16 04:40 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy

Thanks for the reply. 

According to the document you mention, it states this:

ConnectControl runs on the Security Gateway and does not impose any additional memory or processing requirements. It continuously checks the availability of each server, and if a server fails or is unreachable, ConnectControl stops directing connections to that server until it becomes available

However when a server becomes unavailable, no new connections can be made to any of the remaining servers in the group either? 

0 Kudos
_Val_
Admin
Admin
‎2023-01-16 04:47 AM
In response to KnutG
Jump to solution

Hi @KnutG 

There is an internal note on that SK stating that this feature is considered a legacy one, and has not been developed or tested on any of the supported versions today. 

You may want to open a TAC request, to get an official answer here. Personally, I would advise putting an application load-balancer before the servers instead of using a ConnectControl feature. 

0 Kudos
KnutG
Participant
‎2023-01-16 04:58 AM
In response to _Val_
Jump to solution

Thanks _Val_

We are trying to eliminate singel point of failure, so adding an extra point of failure is defeating the purpose.

Everything works very well as long as all members are alive, when one member dies, the gateway stops serving all request, when bringing the dead server online again every thing starts to act normal again and gets distributed evenly.

0 Kudos
_Val_
Admin
Admin
‎2023-01-16 05:19 AM
In response to KnutG
Jump to solution

I understand. Look here, just in case: https://www.nginx.com/products/nginx/high-availability/

0 Kudos
KnutG
Participant
‎2023-01-16 05:53 AM
In response to _Val_
Jump to solution

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

MicrosoftTeams-image (4).png

0 Kudos
_Val_
Admin
Admin
‎2023-01-16 06:20 AM
In response to KnutG
Jump to solution

Great, I am happy it is working for you now. Legacy service note, it still stands 🙂

0 Kudos
Peter_Lyndley
Advisor
Advisor
‎2023-10-09 02:46 AM
In response to KnutG
Jump to solution

Every available version of the admin guides, still states that Server Persistency - by server - works and is available to use - however it does not.

If there is an Internal SK note, not publically available, how are we meant to prove to customers that this feature is no longer there and they need a different solution ? Can someone double confirm that Server Persistency cannot work (due to no healthchecking of the servers) and make it public please.

PhoneBoy
Admin
Admin
‎2023-10-09 01:15 PM
In response to Peter_Lyndley
Jump to solution

We've recently updated https://support.checkpoint.com/results/sk/sk31162 to list the options that are supported.
It does not explicitly mention the "persistent server" option as unsupported, but I suspect it isn't.
I will see if we can get the SK updated with this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events