This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prashan_Attanay
Collaborator
‎2017-11-19 10:43 PM

Can anyone explain out of cphaprob -l list

Hi Mates,

Can checkmates explain this output to me ?

cphaprob -l list

Built-in Devices:

Device Name: Interface Active Check
Current state: OK

Device Name: Recovery Delay
Current state: OK

Registered Devices:

Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 570414 sec

Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 219606 sec

Device Name: routed
Registration number: 2
Timeout: none
Current state: OK
Time since last report: 219587 sec

Device Name: cphad
Registration number: 3
Timeout: 30 sec
Current state: OK
Time since last report: 219606 sec
Process Status: UP

Device Name: fwd
Registration number: 4
Timeout: 30 sec
Current state: OK
Time since last report: 570479 sec
Process Status: UP

0 Kudos
6 Replies
Marco_Valenti
Advisor
‎2017-11-20 01:25 AM

tldr version those are the devices that cluster xl register for initiate a failover whit his cluster member, when one of them report and error a failover is initiated , every of them are in charge of different mechanism , atrg for cluster xl and clusterxl admin guide can help you with better understanding of this devices

Prashan_Attanay
Collaborator
‎2017-11-20 01:35 AM
In response to Marco_Valenti

I didn't understand what you said Marco

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2017-11-20 01:41 AM

This is a longer read about ClusterXL technology and understanding how it works. I'm pretty sure it is covered by CCSA course, but if that was not enough you can read in more details in "Advanced Technical Reference Guide (ATRG) for ClusterXL - R6x, R7x and R8x" in the User Center.

In nutshell - it gives you the status of the cluster and it's critical processes 

If you remove the -l flag you will get a shorter output that will hide all things that are working as expected. Probably better option in your case if you are not familiar with it.

I would normally start with cphaprob stat and then progress to cphaprob list and cphaprob -a if commands if there was a problem

Prashan_Attanay
Collaborator
‎2017-11-20 02:13 AM
In response to Kaspars_Zibarts

Hi Kaspars,

I'm aware of those commands, what i want to understand is output Smiley Happy 

Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 570414 sec

In here device name is Synchronization, what is that mean ?

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2017-11-20 06:31 AM
In response to Prashan_Attanay

The output of the cphaprob -l list command displays a list of tests (technical term is "pnotes") the cluster member runs against itself to determine if it is what I call "impaired" or not.  The goal here is to detect partial failures and report them to the other members of the cluster via CCP, and whichever cluster member is in the best state with the fewest number of failures "wins" and goes active.  If both cluster members experience a simultaneous equal failure, nothing happens and the currently active member continues to pass traffic.

Here are the tests and what they are trying to do:

Device Name: Interface Active Check

Are all monitored cluster interfaces up, and can we successfully see all other members of the cluster via CCP?  Failure example: unplug a firewall's interface or put it on the wrong VLAN where it can't see the other cluster member(s).  This test can also fail if all the cluster members can see only themselves on an interface, but can't see at least one other responding IP address on the VLAN with them, such as a router.  This test can also fail occasionally if switches don't reliably handle the multicast CCP traffic.

Device Name: Recovery Delay

After coming back up after a reboot/crash and taking a full sync from the active member, wait a certain period of time before going standby or active.  Similar to VRRP cold start delay and helps suppress cluster flapping if it is occurring.

Device Name: Synchronization

Can we successfully send and receive sync updates from the other member(s) on the private sync network?  Failure example: reboot one member or unplug sync interface.

Device Name: Filter

Is a security policy currently loaded?  Failure example: run fw unloadlocal

Device Name: routed

Is our routing process (formerly called FIB) up and running?  Failure example: routed process crashes, firewall's routing tables go stale as a result if using dynamic routing protocol(s).

Device Name: cphad

Is Check Point HA function working?  I think this used to be an actual process called cphad but is mostly in the kernel now.  Failure example: run cphastop

Device Name: fwd

Is the fwd process which handles logs and is the parent process for many firewall processes (formerly called security servers) up and running on the gateway?  Failure example: fwd process crashes or is killed by administrator

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Prashan_Attanay
Collaborator
‎2017-11-20 08:32 PM
In response to Timothy_Hall

Thank you Tim

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events