This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SriNarasimha005
Contributor
‎2018-04-02 01:49 PM

Cluster-Interfaces down

Hi Experts

 We've configured cluster (HA) and we see 2 interfaces are down in Active and 4 interfaces are  Down in standby firewall. Is this due to cabling problem in the switch.  Please assist.

Active Device:

****************

[Expert@FW]# cphaprob stat

Cluster Mode: High Availability (Primary Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 192.168.252.253 100% Active Attention
2 192.168.252.254 0% Down

[Expert@FW]# cphaprob -a if

Required interfaces: 8
Required secured interfaces: 1

Mgmt UP non sync(non secured), multicast
Sync UP sync(secured), multicast
Lan1 UP non sync(non secured), multicast
Lan2 UP non sync(non secured), multicast
Lan3 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast ---->>>
Lan4 Inbound: UP Outbound: DOWN (16151.5 secs) non sync(non secured), multicast 
Lan5 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast  --->>>>
Lan6 UP non sync(non secured), multicast

Standby Device:

******************

[Expert@FW]# cphaprob stat

Cluster Mode: High Availability (Primary Up) with IGMP Membership

Number Unique Address Assigned Load State

1 192.168.252.253 100% Active Attention
2 (local) 192.168.252.254 0% Down

[Expert@FW]# cphaprob -a if

Required interfaces: 8
Required secured interfaces: 1

Mgmt UP non sync(non secured), multicast
Sync UP sync(secured), multicast
Lan1 UP non sync(non secured), multicast
Lan2 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast  
Lan3 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast  ------->>>>
Lan4 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast 
Lan5 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast   ------->>>>>
Lan6 UP non sync(non secured), multicast

14 Replies
Julian_Weiss
Participant
‎2018-04-02 02:20 PM

Hi,

- check multicast droping on switch

- check interface errors „netstat -in“ 

  > show for rx-errors (drop,overload,....)

- as next step set ccp to broadcast

HeikoAnkenbrand
Champion Champion
Champion
‎2018-04-02 02:49 PM

I think it's a CCP problem.

Use the following command to check the CCP packet:

# tcpdump -i LanX -nnn -vvv -e port 8116

Change LanX to your ethernet interface.

Now, you can see all 100 ms a packet from GW A to GW B and the other way around. If the packets are not visible, it is a multicast problem on the switch. In that case, test it with CCP broadcast. To do this, execute the following command on both gateways.

# cphaconf set_ccp broadcast

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Julian_Weiss
Participant
‎2018-04-02 03:15 PM
In response to HeikoAnkenbrand

Hi Srinivasan,

I think heiko described the right way. But I have another comment. You can also turn off multicast monitoring / security on the switch.

Regards

Julian

SriNarasimha005
Contributor
‎2018-04-02 03:48 PM
In response to HeikoAnkenbrand

Hi Heiko

 Thanks for the reply.  When  I applied this on the Sync and Lan4 interfaces , I see below logs. And Cluster-ID seems same on both firewalls.

Active

*******

[Expert@FW]# tcpdump -i Sync -nnn -vvv -e port 8116
tcpdump: listening on Sync, link-type EN10MB (Ethernet), capture size 96 bytes
23:13:36.515776 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.519628 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.519665 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:36.519673 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.553935 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.574478 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 138: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 124) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 96
23:13:36.595023 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.600765 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.615789 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.619641 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.653936 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.674492 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.695025 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.700825 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.700829 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:36.715814 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.719660 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.719693 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.753988 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 7689!] UDP, length 40
23:13:36.759984 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 1410: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 1396) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 1368
23:13:36.774506 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.795027 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.800868 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.815840 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.854039 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.874521 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.895028 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.900928 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.900934 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:36.915864 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.919711 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:13:36.919744 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 162: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 148) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 120
23:13:36.954091 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.974528 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:36.995030 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:37.000922 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:37.000928 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum de21!] UDP, length 40
23:13:37.015903 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:13:37.019771 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 78) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 50
23:13:37.019793 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 162: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 148) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 120
23:13:37.054143 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40

[Expert@FW# cphaconf cluster_id get

cphaconf cluster_id: 17

==================

Standby

*********

[Expert@FW]# tcpdump -i Sync -nnn -vvv -e port 8116
tcpdump: listening on Sync, link-type EN10MB (Ethernet), capture size 96 bytes
23:14:06.598944 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.609044 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.615764 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.637632 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.653214 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.686510 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.698946 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.709065 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:14:06.709077 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.715767 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.737640 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34
23:14:06.737646 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 11ee!] UDP, length 40
23:14:06.753224 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.786513 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 178: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 164) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 136
23:14:06.798956 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.809066 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.815770 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.826603 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 1258: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 1244) 0.0.0.0.8116 > 192.168.252.252.8116: UDP, length 1216
23:14:06.853235 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.886516 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [bad udp cksum 4fb!] UDP, length 40
23:14:06.898967 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40
23:14:06.909085 00:00:00:00:11:01 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 62) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 34

[Expert@FW]# cphaconf cluster_id get

cphaconf cluster_id: 17

===================

[Expert@FW]# tcpdump -nneei Lan4 port 8116
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on Lan4, link-type EN10MB (Ethernet), capture size 96 bytes
00:28:47.669350 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:47.669355 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.669385 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:47.769330 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.769356 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 86: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 44
00:28:47.869358 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:47.869370 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:47.969370 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.069409 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.069422 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.169431 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.169457 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:48.269457 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.269470 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.369477 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.469508 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.469521 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.569519 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.669559 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 34
00:28:48.669572 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32
00:28:48.669601 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 92: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 50
00:28:48.769548 00:00:00:00:11:00 > 01:00:5e:00:09:f0, ethertype IPv4 (0x0800), length 74: 0.0.0.0.8116 > 10.128.9.0.8116: UDP, length 32

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2018-04-02 10:48 PM

Hi Srinivasan,

it is correct. Both firewalls have the same ClusterXL ID.

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2018-04-02 10:54 PM
In response to HeikoAnkenbrand

Did the following entry help?

# cphaconf set_ccp broadcast

Is the cluster status now ok ( aktive/standby)?

# cphaprob stat

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
SriNarasimha005
Contributor
‎2018-04-03 02:09 AM
In response to HeikoAnkenbrand

Hi Heiko, We've requested for Field engineer to check cable connectivity in addition to Multicast drops on switch. Is there any way we can check, is Multicast packets are dropped on switch from firewall end. If so, please assist with the commands to check in firewall to proceed with broadcast command.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2018-04-03 11:49 AM
In response to SriNarasimha005

If you see on fw B no CCP packet from fw A. The red filed shows the gateway ID from fw gateway A. If you not see this packet on gateway B, the switch drop the packet.


23:14:06.615764 00:00:00:00:11:00 > 01:00:5e:28:fd:f6, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 68) 0.0.0.0.8116 > 192.168.252.252.8116: [udp sum ok] UDP, length 40 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
SriNarasimha005
Contributor
‎2018-04-03 01:04 PM
In response to HeikoAnkenbrand

 We've changed it to Broadcast, still issue persists..Meanwhile, we're checking switch conf as well. Thanks

[Expert@FW]# cphaprob -a if

Required interfaces: 8
Required secured interfaces: 1

Mgmt UP non sync(non secured), broadcast
Sync UP sync(secured), broadcast
Lan1 UP non sync(non secured), broadcast
Lan2 UP non sync(non secured), broadcast
Lan3 DOWN (15105.8 secs) non sync(non secured), broadcast ------->>>
Lan4 Inbound: DOWN (3.6 secs) Outbound: DOWN (15105.8 secs) non sync(non secured), broadcast ------->>>>
Lan5 DOWN (15105.8 secs) non sync(non secured), broadcast ----->>>>>
Lan6 UP non sync(non secured), broadcast

0 Kudos
SriNarasimha005
Contributor
‎2018-04-03 03:06 PM
In response to HeikoAnkenbrand

Hi Heiko, We've found that there is a problem with the switch interfaces. Meanwhile when I check in cat  /var/log/messages, I didn't get any logs related to the interfaces down. How we can find what time the interfaces went down in CLI logs.



0 Kudos
6fdcbce4-7d2e-4
Explorer
‎2019-05-16 10:15 AM
In response to SriNarasimha005

Did you ever resolve this? we are having the same issues on our 15600 gateways only they are connected via point to point patch cable. We have been dealing with tac on this case for months now to no avail.

0 Kudos
AL_Bert
Explorer
‎2019-08-21 07:33 AM
In response to SriNarasimha005

What was the misconfiguration switch-sided?

thanks

0 Kudos
steve_warren
Explorer
‎2019-12-18 11:27 AM
In response to AL_Bert

We recently has a similar issue and it was a vlan misconfiguration on the switch. The ports connecting the interfaces on both cluster members had the correct vlan, however, the output of 'cphaprob -a if' showed them as down. We were unable to ping between the directly connected firewall interface and even switched the CCP method from multicast to broadcast.

 

In the end while the swicthport configuration listed the vlan as part of the port, the actual vlan was not configured on the switch. The cluster interface status changed to UP once the vlan was added to the switch and verified on all required uplinks.

 

Basically to prevent this issue just ensure that the vlan is configured on all switches and uplinks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events