Hi team
I need to change the state of member 1 in the cluster from DOWN to STANDBY using CLI commands. Could you help me with the command?
This is the result of the command cphaprob state
ID Unique Address Assigned Load State Name
1 (local) 10.253.252.1 0% DOWN BOSQUES-FW01
2 10.253.252.2 1 100% ACTIVE(!) BOSQUES-FW02
clusterXL_admin down; clusterXL_admin up
Just run that from master member's ssh expert mode.
Andy
Actually, scrap what I said, makes no sense to do my command, since one member is down anyway. Please run below on both and send over.
Andy
cphaprob roles
cphaprob state
cphaprob -i list
cphaprob -l list
cphaprob -a if
cphaprob syncstat
Thank you. I'm sharing the commands, and as additional information:
I'm sending the commands from FW1, which I can still access despite its Down state.
The firewall was forcibly set to Down state to redirect traffic through FW2 for testing purposes only. However, I now want to return it to Standby status.
BOSQUES-FW01> cphaprob roles
ID Role
1 (local) Non-Master
2 Master
BOSQUES-FW01> cphaprob state
Cluster Mode: High Availability (Active Up) with IGMP Membership
ID Unique Address Assigned Load State Name
1 (local) 10.253.252.1 0% DOWN BOSQUES-FW01
2 10.253.252.2 100% ACTIVE(!) BOSQUES-FW02
Active PNOTEs: FWD, LPRB
Last member state change event:
Event Code: CLUS-111205
State change: ACTIVE(!) -> DOWN
Reason for state change: FWD PNOTE
Event time: Wed Apr 30 21:22:26 2025
Last cluster failover event:
Transition to new ACTIVE: Member 1 -> Member 2
Reason: FWD PNOTE
Event time: Wed Apr 30 21:21:30 2025
Cluster failover count:
Failover counter: 22
Time of counter reset: Wed Mar 26 12:48:34 2025 (reboot)
BOSQUES-FW01> cpjaprob -i list
CLINFR0329 Invalid command:'cpjaprob -i list'.
BOSQUES-FW01> cphaprob -i list
Registered Devices:
Device Name: fwd
Registration number: 4
Timeout: 30 sec
Current state: problem
Time since last report: 7900.9 sec
Process Status: NOT UP
Device Name: Local Probing
Registration number: 7
Timeout: none
Current state: problem
Time since last report: 7877.7 sec
BOSQUES-FW01> cphaprob -a if
CCP mode: Manual (Unicast)
Required interfaces: 6
Required secured interfaces: 1
Interface Name: Status:
eth1 UP
eth5 (P) UP
eth2 UP
eth3 UP
eth4 UP
Sync (S) UP
Mgmt Non-Monitored
S - sync, HA/LS - bond type, LM - link monitor, P - probing
Virtual cluster interfaces: 5
eth1 X.X.X.X
eth5 10.X.X.X
eth2 X.X.X.X
eth3 10.X.X.X
eth4 10.X.X.X
BOSQUES-FW01> cphaprob syncstat
Delta Sync Statistics
Sync status: OK
Drops:
Lost updates................................. 0
Lost bulk update events...................... 0
Oversized updates not sent................... 0
Sync at risk:
Sent reject notifications.................... 0
Received reject notifications................ 0
Sent messages:
Total generated sync messages................ 49202273
Sent retransmission requests................. 0
Sent retransmission updates.................. 0
Peak fragments per update.................... 2
Received messages:
Total received updates....................... 10654913
Received retransmission requests............. 0
Sync Interface:
Name......................................... Sync
Link speed................................... 1000Mb/s
Rate......................................... 34060 [Bps]
Peak rate.................................... 1220 [KBps]
Link usage................................... 0%
Total........................................ 102493[MB]
Queue sizes (num of updates):
Sending queue size........................... 512
Receiving queue size......................... 256
Fragments queue size......................... 50
Timers:
Delta Sync interval (ms)..................... 100
Reset on Wed Apr 2 18:23:16 2025 (triggered by fullsync).
K, never mind then, you can do clusterXL_admin up command on it.
Andy
Not with FWD being down. I would suggest rebooting the gateway for a clean start and checking again.
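The check behind this reply, as an added example that is not part of the thread: it parses `cphaprob -i list` output and reports whether the administrative pnote is the only device in "problem" state, which is the one case `clusterXL_admin up` can clear. The sample text is constructed in the format of the output posted above, and the device name `admin_down` for the pnote set by `clusterXL_admin down` is an assumption.

```python
# Added example: triage of `cphaprob -i list` output (not from the thread).

# Constructed sample in the format of the output posted above.
SAMPLE = """\
Registered Devices:
Device Name: fwd
Registration number: 4
Timeout: 30 sec
Current state: problem
Time since last report: 7900.9 sec
Process Status: NOT UP
Device Name: Local Probing
Registration number: 7
Timeout: none
Current state: problem
Time since last report: 7877.7 sec
"""

# Assumption: the pnote registered by clusterXL_admin down is listed as "admin_down".
ADMIN_PNOTE = "admin_down"


def parse_devices(text):
    """Return one dict per 'Device Name:' stanza, keyed by the field labels."""
    devices = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a "label: value" line
        key, value = key.strip(), value.strip()
        if key == "Device Name":
            devices.append({key: value})  # start a new stanza
        elif devices:
            devices[-1][key] = value  # field of the current stanza
    return devices


def problem_devices(text):
    """Names of critical devices currently reporting 'problem'."""
    return [d["Device Name"] for d in parse_devices(text)
            if d.get("Current state", "").lower() == "problem"]


def admin_up_is_enough(text):
    """True only when the administrative pnote is the sole reason for DOWN."""
    return problem_devices(text) == [ADMIN_PNOTE]


if __name__ == "__main__":
    print("blocking pnotes:", problem_devices(SAMPLE))
    print("clusterXL_admin up sufficient:", admin_up_is_enough(SAMPLE))
```

On a gateway, the same functions can be fed the live output instead of `SAMPLE`, for example by piping `cphaprob -i list` into a small wrapper that reads stdin.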
Now I'm curious about fwd state, will test it in the lab tomorrow.
Andy
Right, that usually solves this. What is in the fwd.elg?
As always, you were 100% correct! I tested in the lab, and fwd stays up when doing clusterXL_admin down, so reboot definitely sounds like a logical step.
Andy
Perform reboot, but only change state to secondary
ID Unique Address Assigned Load State Name
1 10.253.252.1 100% ACTIVE BOSQUES-FW01
2 (local) 10.253.252.2 0% DOWN BOSQUES-FW02
What does cphaprob -a if show now?
Andy
Hello @SecdetKrypton,
You've said that you forcibly set the FW01 to DOWN. What did you actually do?
"The firewall was forcibly set to Down state to redirect traffic through FW2 for testing purposes only. However, I now want to return it to Standby status."
Also, as we see, previously FW02 was the ACTIVE node, and when you reloaded the FW01, that became ACTIVE and the other DOWN. That is weird for me, or did you reload both of them?
It can be that in the Cluster set-up, "Cluster-XL and VRRP", you have an option (in the lower part) "Maintain current active Cluster Member". We use that option, so it's not flapping/flipping over each time you reload a node/member.
when you failed to FW02:
ID Unique Address Assigned Load State Name
1 (local) 10.253.252.1 0% DOWN BOSQUES-FW01
after you reloaded the box or both boxes ?!?!?!
ID Unique Address Assigned Load State Name
1 10.253.252.1 100% ACTIVE BOSQUES-FW01
Ty,