This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Di_Junior
Advisor
Advisor
‎2018-09-06 11:18 AM

Interface Status on access via HTTPS and Clish

Dear Check Mates

I need your urgent help.

We are experiencing something very strange on our environment.

1. We have a cluster operating in Load sharing mode (unicast), when I run the cphaprob state command it shows that the sync interface of one member is down, but when I access the member via HTTPs, in the Network interfaces sections, it shows that the sync interface is up. Any thoughts as to what could be causing this problem?

2 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2018-09-06 12:46 PM

That means that gateways are not "seeing" each others packets in Sync interface. Sounds like you are connected to a switch so check that trunk between switches includes VLAN where Sync ports are connected to.

You can run 

 tcpdump -nni Sync port 8116 -e -c 20

and observer that you see packets originating from both gateways 

listening on Sync, link-type EN10MB (Ethernet), capture size 96 bytes
21:44:10.959901 00:00:00:00:01:00 > 01:00:5e:28:fe:fa, ethertype IPv4 (0x0800), length 1330: 0.0.0.0.8116 > 192.168.254.0.8116: UDP, length 1288
21:44:10.974141 00:00:00:00:01:01 > 01:00:5e:28:fe:fa, ethertype IPv4 (0x0800), length 82: 0.0.0.0.8116 > 192.168.254.0.8116: UDP, length 40
21:44:10.974212 00:00:00:00:01:01 > 01:00:5e:28:fe:fa, ethertype IPv4 (0x0800), length 82: 0.0.0.0.8116 > 192.168.254.0.8116: UDP, length 40
21:44:10.978944 00:00:00:00:01:00 > 01:00:5e:28:fe:fa, ethertype IPv4 (0x0800), length 76: 0.0.0.0.8116 > 192.168.254.0.8116: UDP, length 34

0 Kudos
Ray_Lal
Participant
‎2018-09-06 03:45 PM

Check the Switches that the gateways are connected to - Are they running IGMP snooping globally, or perhaps for the VLAN's hosted on the gateways?

If so, preferably disable IGMP Snooping, or change CCP to Broadcast instead of multi-cast - Personally, I would keep it MC, to reduce unnecessary chatter.

Please list output for 'cpstat -f all ha' and cphaprob -i list and fw ctl pstat.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top