cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Nickel

Active Standby switched in HA

I got an alert that the HA status changed on a cluster of Check Point firewalls. cphaprob stat confirms this. I'm sort of new to Check Point. What are some next steps to troubleshooting why it changed?

This happened about 12 hours ago. So /var/log/messages doesn't show that far back.

6 Replies
Highlighted
Admin
Admin

Re: Active Standby switched in HA

What about /var/log/messages.*? 

Highlighted
Silver

Re: Active Standby switched in HA

There may also be some logs in the regular Check Point logs regarding the Failover.

 

Highlighted

Re: Active Standby switched in HA

Extract the ClusterXL logs from the SmartView Tracker:
- #Go to the right-most column "Information"
- #Right click on the name of the column
- #Click on "Edit filter"
- #Under "Specific" choose "Contains"
- #In "Text" type the word "cluster_info" (do not check any boxes)
- #Click on "OK"
- #Go to all the empty columns:
- #"Source", "Destination", "Rule", "Curr Rule Number", #"Rule Name", "Source Port", "User"
- #Right click on the name of the column
- #Click on "Hide Column" (After closing and re-opening SmartView Tracker the columns will re-appear)
- #Go to menu "File"
- click on "Export…"
- This will save all the Cluster messages
Highlighted

Re: Active Standby switched in HA

Use log filter type:Control in the SmartConsole to show all ClusterXL messages caused by a failover.  It will also show some other non-ClusterXL messages but is a good place to start.  The solution posted by @G_W_Albrecht will work as well.  If you are using R80.20+ cphaprob stat should provide a terse reason for the last failover, the command cphaprob show_failover can be used as well.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nickel

Re: Active Standby switched in HA

Thanks all!

 

 

Why are "5 interfaces required"? or is just saying an interface went down.

0 Kudos
Highlighted
Silver

Re: Active Standby switched in HA

The number of interfaces required depends upon the number of interfaces in the cluster in use.  Without knowing the topology then no-one can really comment on how many interfaces you would need up in a cluster.

The important part in the message is that the Mgmt Interface went down for some reason.

Would check the switch that the interface connects too, see if any events/logs from that may correspond with the Firewall swapover.

0 Kudos