Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bllackpython
Explorer

Creating a Checkpoint Lab in vSphere - Can't get sync interface to work

Hi,

So I'm trying to create a lab environment in vSphere, it's mostly gone well but I can't seem to get them to sync.

I have a VSX Cluster, sync interface was setup on both members using:

1.1.1.1/30

1.1.1.2/30

 

The interface shows as up but sync status shows the interface as down *See pictures*

 

Am I missing something silly?

 

Thanks,

Alex

0 Kudos
4 Replies
_Val_
Admin
Admin

show the output from: 

  • cphaprob stat
  • vsx state -v

Most probably connectivity. Check you can ping from VS0 on sync network, verify you did push policy to VS0, and it does allow sync communications.

0 Kudos
bllackpython
Explorer

Thanks Val,

I can ping both 1.1.1.1 & 1.1.1.2 successfully on VS0 and I did push a policy (currently set to allow everything).

Weirdly the logs show as multiple interfaces down, on the gateways and & servers tab it look fine.

0 Kudos
Bob_Zimmerman
Authority
Authority

It's not relevant to your issue, but 1.1.1.1 and 1.1.1.2 are public addresses which somebody other than you owns. You should not use those for your sync interfaces.

What are the settings on the switch for your sync network in VMware?

0 Kudos
Timothy_Hall
Champion
Champion

Code version?  CCP may be running in multicast mode which is not being forwarded correctly between the members by VSphere.  In R80.30 Gaia 3.10 and later, CCP mode should be auto and select unicast.  Please provide output of cphaprob -a if

Also in older code versions (R80.30 with Gaia 2.6.18 and earlier I think, but I'm not 100% sure about that) the cluster members must be able to see at least one other responding IP address on an interface presenting a Cluster IP, or the interface will be marked down even if it is physically working fine (pings succeed between the cluster members).  See Solution 3 here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events