Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
C_M
Contributor

Active Standby switched in HA

I got an alert that the HA status changed on a cluster of Check Point firewalls. cphaprob stat confirms this. I'm sort of new to Check Point. What are some next steps to troubleshooting why it changed?

This happened about 12 hours ago. So /var/log/messages doesn't show that far back.

6 Replies
PhoneBoy
Admin
Admin

What about /var/log/messages.*? 

mdjmcnally
Advisor

There may also be some logs in the regular Check Point logs regarding the Failover.

 

G_W_Albrecht
Legend
Legend

Extract the ClusterXL logs from the SmartView Tracker:
- #Go to the right-most column "Information"
- #Right click on the name of the column
- #Click on "Edit filter"
- #Under "Specific" choose "Contains"
- #In "Text" type the word "cluster_info" (do not check any boxes)
- #Click on "OK"
- #Go to all the empty columns:
- #"Source", "Destination", "Rule", "Curr Rule Number", #"Rule Name", "Source Port", "User"
- #Right click on the name of the column
- #Click on "Hide Column" (After closing and re-opening SmartView Tracker the columns will re-appear)
- #Go to menu "File"
- click on "Export…"
- This will save all the Cluster messages
CCSE CCTE CCSM SMB Specialist
Timothy_Hall
Champion
Champion

Use log filter type:Control in the SmartConsole to show all ClusterXL messages caused by a failover.  It will also show some other non-ClusterXL messages but is a good place to start.  The solution posted by @G_W_Albrecht will work as well.  If you are using R80.20+ cphaprob stat should provide a terse reason for the last failover, the command cphaprob show_failover can be used as well.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
C_M
Contributor

Thanks all!

 

 

Why are "5 interfaces required"? or is just saying an interface went down.

0 Kudos
mdjmcnally
Advisor

The number of interfaces required depends upon the number of interfaces in the cluster in use.  Without knowing the topology then no-one can really comment on how many interfaces you would need up in a cluster.

The important part in the message is that the Mgmt Interface went down for some reason.

Would check the switch that the interface connects too, see if any events/logs from that may correspond with the Firewall swapover.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events