This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
xLadyMorgana
Participant
‎2024-11-13 08:31 AM
Jump to solution

VSX Virtual Systems Issue

Hi All, 

I'm building a new VSX in our environment and noticed that when creating virtual systems, they are not being created with HA and keep giving the 'HA module not started' when running the cphaprob stat command. i can't seem to figure out how to turn this on. Does anyone have any insight on this? I do have a TAC case open but figured I'd try to get some knowledge here as well.

This VSX cluster does have VSLS enabled. 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-11-14 05:42 AM
In response to xLadyMorgana
Jump to solution

HA status is, at least partially, a function of the installed policy.
No policy, no HA.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2024-11-13 09:09 AM
Jump to solution

Have you installed policy to the VS in question?
Also what version/JHF is this?

xLadyMorgana
Participant
‎2024-11-13 10:15 AM
In response to PhoneBoy
Jump to solution

This is on R81.20 take 84. 

The policy actually keeps failing to push on the VS due to updatable object issue saying the package is missing on the gateway. I'm thinking this might be something related to DNS, as I've seen this error before due to a DNS issue.

I will say tho also, shouldnt the Virtual systems be automatically created with HA? regardless of a DNS issue.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-14 05:42 AM
In response to xLadyMorgana
Jump to solution

HA status is, at least partially, a function of the installed policy.
No policy, no HA.

xLadyMorgana
Participant
‎2024-11-14 07:14 AM
In response to PhoneBoy
Jump to solution

Thank you PhoneBoy. I definitely did not realize that the HA would show as not started if there was no policy. 

0 Kudos
xLadyMorgana
Participant
‎2024-11-26 06:44 AM
In response to PhoneBoy
Jump to solution

Just to keep this thread up to date. it looks like the team who configured the switch side of things had changed the native vlan from the default, which is not supported. once that was changed back to default, we were able to push policy. 

Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-11-26 04:56 PM
In response to xLadyMorgana
Jump to solution

sk120684 documents this when working with Bonds.

CCSM R77/R80/ELITE
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2024-11-13 02:47 PM
Jump to solution

As already mentioned, you have to install policy after VS creation.

If you have troubles with policy installation for existing policy package, try to create new policy package with any-any-any-drop rule as the only rule and install it on newly created VS.

Kind regards,
Jozko Mrkvicka
0 Kudos
xLadyMorgana
Participant
‎2024-11-14 07:15 AM
In response to JozkoMrkvicka
Jump to solution

We did try this and still failed. I will need to dig deeper internally once again and see if the networking side of things is configured properly. Thank you

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events