This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nick_Doropoulos
Advisor
‎2019-02-26 02:54 AM

How to ensure that the network synchronization works properly

Upon troubleshooting a VPN tunnel that was not being established, I came across the following error:

"Packet is dropped because an IPSEC SA associated with the SPI on the received IPSEC packet could not be found."

 

While led me to sk19423:

 

Since the affected gateway is indeed a cluster member I would like to ensure that the synchronization network works properly to see if the scenario above applies.

My question is therefore, is there another way of checking the sync network other than running the following commands:

cphaprob -a if

cphaprob syncstat

fw ctl pstat

Might be worth noting that the gateway in question also happens to be a virtual instance.

Many thanks in advance.

0 Kudos
1 Reply
Alessandro_Marr
Advisor
‎2019-02-26 09:10 AM

You could run "show routed cluster-state detailed" to check if your cluster is flapping....

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events