- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hi Experts
We've configured cluster (HA) and we see 2 interfaces are down in Active and 4 interfaces are Down in standby firewall. Is this due to cabling problem in the switch. Please assist.
Active Device:
****************
[Expert@FW]# cphaprob stat
Cluster Mode: High Availability (Primary Up) with IGMP Membership
Number Unique Address Assigned Load State
1 (local) 192.168.252.253 100% Active Attention
2 192.168.252.254 0% Down
[Expert@FW]# cphaprob -a if
Required interfaces: 8
Required secured interfaces: 1
Mgmt UP non sync(non secured), multicast
Sync UP sync(secured), multicast
Lan1 UP non sync(non secured), multicast
Lan2 UP non sync(non secured), multicast
Lan3 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast ---->>>
Lan4 Inbound: UP Outbound: DOWN (16151.5 secs) non sync(non secured), multicast 
Lan5 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast  --->>>>
Lan6 UP non sync(non secured), multicast
Standby Device:
******************
[Expert@FW]# cphaprob stat
Cluster Mode: High Availability (Primary Up) with IGMP Membership
Number Unique Address Assigned Load State
1 192.168.252.253 100% Active Attention
2 (local) 192.168.252.254 0% Down
[Expert@FW]# cphaprob -a if
Required interfaces: 8
Required secured interfaces: 1
Mgmt UP non sync(non secured), multicast
Sync UP sync(secured), multicast
Lan1 UP non sync(non secured), multicast
Lan2 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast  
Lan3 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast  ------->>>>
Lan4 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast 
Lan5 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast   ------->>>>>
Lan6 UP non sync(non secured), multicast
Hi,
- check multicast droping on switch
- check interface errors „netstat -in“
> show for rx-errors (drop,overload,....)
- as next step set ccp to broadcast
Switch drops Check Point CCP packets when CCP is working in multicast mode
The cphaprob -a if command shows Inbound: UP, Outbound: DOWN
Critical Device "Interface Active Check" on ClusterXL Member reports its state as "problem"
How to troubleshoot failovers in ClusterXL - Advanced Guide
ClusterXL member is down due to Monitor Mode being enabled on a cluster interface
I think it's a CCP problem.
Use the following command to check the CCP packet:
# tcpdump -i LanX -nnn -vvv -e port 8116
Change LanX to your ethernet interface.
Now, you can see all 100 ms a packet from GW A to GW B and the other way around. If the packets are not visible, it is a multicast problem on the switch. In that case, test it with CCP broadcast. To do this, execute the following command on both gateways.
# cphaconf set_ccp broadcast
Hi Srinivasan,
I think heiko described the right way. But I have another comment. You can also turn off multicast monitoring / security on the switch.
Regards
Julian
Hi Heiko
Thanks for the reply. When I applied this on the Sync and Lan4 interfaces , I see below logs. And Cluster-ID seems same on both firewalls.
Active
*******
[Expert@FW]# tcpdump -i Sync -nnn -vvv -e port 8116
tcpdump: listening on Sync, link-type EN10MB (Ethernet), capture size 96 bytes
23:13:36.515776 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.519628 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.519665 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:36.519673 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.553935 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.574478 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 138: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 124) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 96
23:13:36.595023 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.600765 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.615789 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.619641 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.653936 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.674492 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.695025 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.700825 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.700829 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:36.715814 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.719660 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.719693 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.753988 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 7689!] UDP, length 40
23:13:36.759984 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 1410: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 1396) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 1368
23:13:36.774506 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.795027 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.800868 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.815840 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.854039 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.874521 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.895028 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.900928 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.900934 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:36.915864 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.919711 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.919744 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 162: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 148) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 120
23:13:36.954091 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.974528 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.995030 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:37.000922 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:37.000928 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:37.015903 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:37.019771 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:37.019793 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 162: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 148) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 120
23:13:37.054143 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
[Expert@FW# cphaconf cluster_id get
cphaconf cluster_id: 17
==================
Standby
*********
[Expert@FW]# tcpdump -i Sync -nnn -vvv -e port 8116
tcpdump: listening on Sync, link-type EN10MB (Ethernet), capture size 96 bytes
23:14:06.598944 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.609044 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.615764 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.637632 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.653214 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.686510 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.698946 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.709065 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:14:06.709077 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.715767 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.737640 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:14:06.737646 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 11ee!] UDP, length 40
23:14:06.753224 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.786513 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 178: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 164) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 136
23:14:06.798956 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.809066 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.815770 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.826603 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 1258: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 1244) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 1216
23:14:06.853235 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.886516 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 4fb!] UDP, length 40
23:14:06.898967 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.909085 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
[Expert@FW]# cphaconf cluster_id get
cphaconf cluster_id: 17
===================
[Expert@FW]# tcpdump -nneei Lan4 port 8116
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on Lan4, link-type EN10MB (Ethernet), capture size 96 bytes
00:28:47.669350 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:47.669355 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.669385 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:47.769330 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.769356 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 86: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 44
00:28:47.869358 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:47.869370 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.969370 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.069409 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.069422 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.169431 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.169457 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:48.269457 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.269470 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.369477 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.469508 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.469521 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.569519 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.669559 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.669572 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.669601 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:48.769548 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
Hi Srinivasan,
it is correct. Both firewalls have the same ClusterXL ID.
Regards
Heiko
Did the following entry help?
# cphaconf set_ccp broadcast
Is the cluster status now ok ( aktive/standby)?
# cphaprob stat
Hi Heiko, We've requested for Field engineer to check cable connectivity in addition to Multicast drops on switch. Is there any way we can check, is Multicast packets are dropped on switch from firewall end. If so, please assist with the commands to check in firewall to proceed with broadcast command.
If you see on fw B no CCP packet from fw A. The red filed shows the gateway ID from fw gateway A. If you not see this packet on gateway B, the switch drop the packet.
23:14:06.615764 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40  
We've changed it to Broadcast, still issue persists..Meanwhile, we're checking switch conf as well. Thanks
[Expert@FW]# cphaprob -a if
Required interfaces: 8
Required secured interfaces: 1
Mgmt UP non sync(non secured), broadcast
Sync UP sync(secured), broadcast
Lan1 UP non sync(non secured), broadcast
Lan2 UP non sync(non secured), broadcast
Lan3 DOWN (15105.8 secs) non sync(non secured), broadcast ------->>>
Lan4 Inbound: DOWN (3.6 secs) Outbound: DOWN (15105.8 secs) non sync(non secured), broadcast ------->>>>
Lan5 DOWN (15105.8 secs) non sync(non secured), broadcast ----->>>>>
Lan6 UP non sync(non secured), broadcast
Hi Heiko, We've found that there is a problem with the switch interfaces. Meanwhile when I check in cat /var/log/messages, I didn't get any logs related to the interfaces down. How we can find what time the interfaces went down in CLI logs.
Did you ever resolve this? we are having the same issues on our 15600 gateways only they are connected via point to point patch cable. We have been dealing with tac on this case for months now to no avail.
What was the misconfiguration switch-sided?
thanks
We recently has a similar issue and it was a vlan misconfiguration on the switch. The ports connecting the interfaces on both cluster members had the correct vlan, however, the output of 'cphaprob -a if' showed them as down. We were unable to ping between the directly connected firewall interface and even switched the CCP method from multicast to broadcast.
In the end while the swicthport configuration listed the vlan as part of the port, the actual vlan was not configured on the switch. The cluster interface status changed to UP once the vlan was added to the switch and verified on all required uplinks.
Basically to prevent this issue just ensure that the vlan is configured on all switches and uplinks.
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 18 | |
| 16 | |
| 13 | |
| 11 | |
| 10 | |
| 7 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY