Vladimir
Pearl

ClusterXL on Take_70 does not function properly

I am not sure whether the issue is specific to R80.10 Take_70 or whether the same could apply to the earlier HFAs.

The observed behavior is that Monitor shows an incorrect status for the interfaces compared to the Gaia WebUI, while the ClusterXL status of the node is shown as "active":

In the green frames are the interfaces that were removed from the cluster member, both in the Network properties of the cluster and in the WebUI. "Get Interfaces" was executed, and the policy was pushed and installed. The node was rebooted.

The removed interfaces eventually disappeared from the cluster's properties, but I was not able to determine the logic behind the timing. Needless to say, the "Refresh" button did not do anything.

In the red frames are the "Cluster" interfaces marked "Down" despite being "Up" in the WebUI; ClusterXL itself shows as Up, as does the Device status.

If someone has encountered this before, please let me know how this issue was addressed.

Thank you,

Vladimir

8 Replies

Re: ClusterXL on Take_70 does not function properly

Not exactly the same, but I had issues with Monitor showing incorrect info after Take 42: it said SIC was dead even though I was able to push policy and the SIC test was OK. It was eventually resolved by a CMA restart. So the question is whether you have tried restarting the management server?

Vladimir
Pearl

Re: ClusterXL on Take_70 does not function properly

Nope, didn’t think of it. I’ll give it a shot on Monday.

Thank you!

vlad@eversecgroup.com

+1.973.558.2738


Re: ClusterXL on Take_70 does not function properly

Just to give you a little more detail: it was really strange in our case too, as only one VS among all of them, and only one cluster member, showed the SIC problem. We jumped through hoops with CP support trying to fix it: resetting SIC, debugging this, logging that. In the end, for a completely unrelated reason, we stopped and started the MDS and the SIC problem disappeared. Weird.

Vladimir
Pearl

Re: ClusterXL on Take_70 does not function properly

Thank you Kaspars.

It is quite disturbing that the very tools admins are supposed to use in daily operations may be buggy to the extent that they are. I understand that any new release has issues, but R80.XX so far looks like an MVP (minimum viable product). It is still more of a showcase of how we would like things to work than of how they actually work :)

Nonetheless, some of my clients insist on deploying or migrating to it, so I must oblige.

In this particular case it is an SMS, not an MDS, that shows the weird data, but given your experience, it may be the same or a similar issue.


Re: ClusterXL on Take_70 does not function properly

In R77.30 and earlier, if SmartView Monitor was displaying incorrect status information, you could clear the SmartConsole cache on the SMS by removing the CPMILinksMgr.db* and applications.C* files, as mentioned here: sk100507: R77.x SmartConsole problems with Security Management Server / Multi-Domain Security Manage...
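
For anyone landing here on R77.x, a minimal sketch of that cleanup could look like the following. It moves the cache files aside rather than deleting them, so they can be restored if needed. The function name `backup_console_cache` and both directory arguments are hypothetical; the file patterns are the ones named above, and the assumption that they live under `$FWDIR/conf` should be checked against sk100507 before running anything.

```shell
#!/bin/sh
# Hypothetical helper: move SmartConsole cache files out of a conf directory
# into a backup directory instead of deleting them outright.
#   $1 = directory holding the cache files (assumed to be $FWDIR/conf on an SMS)
#   $2 = backup directory (created if it does not exist)
backup_console_cache() {
    conf_dir="$1"
    backup_dir="$2"
    mkdir -p "$backup_dir" || return 1
    for f in "$conf_dir"/CPMILinksMgr.db* "$conf_dir"/applications.C*; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$f" ] || continue
        mv "$f" "$backup_dir"/ || return 1
    done
}

# Example call (paths are assumptions, not taken from the SK):
# backup_console_cache "$FWDIR/conf" /var/tmp/console_cache_backup
```

On a real SMS you would presumably stop the management services first (`cpstop`) and start them again afterwards (`cpstart`); the SK remains the authoritative procedure.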

The rough equivalent for R80+ management is specified in this SK, and involves running the dropmonitoring.sh script on the SMS to drop the monitoring database table and allow it to rebuild: sk112058: Gateways & Servers view in R80 SmartConsole does not show statuses

Might be worth a try.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
Vladimir
Pearl

Re: ClusterXL on Take_70 does not function properly

Thank you Tim.

I was aware of the R77 and earlier cache cleanup procedures, but have not seen one for R80.X yet.

I may have to resort to it if the restart of the SMS suggested by Kaspars does not work.

P.S. I posted another question about LACP on 10G bonds some 20 minutes ago, but I do not see it yet. Do you know whether someone needs to approve it?

Vladimir
Pearl

Re: ClusterXL on Take_70 does not function properly

Tim, for some reason it is not shown in recent posts, but it can be found in my activities:

https://community.checkpoint.com/thread/6685-no-lacp-on-2x10g-bond-with-cisco-3850 

If you can see it, I'd really appreciate your take on this issue.

Thanks,

Vladimir


Re: ClusterXL on Take_70 does not function properly

Great tip, Tim! Strange that support didn't know about it, especially considering that the case went to R&D.
