This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ravindra_Yadav
Participant
‎2019-09-17 06:33 AM

Issue with Checkpoint cluster

Dear Team,

I am facing connectivity issue for one of my server. When I point Cluster IP as gateway, I am not able to reach the device but when I configure individual cluster member as gateway, It is working perfectly fine. What could be the issue. My Checkpoint cluster is in HA mode.

0 Kudos
8 Replies
FedericoMeiners
Advisor
‎2019-09-17 06:47 AM

Ravindra,
Can you please share with us which Gaia version and JHG are you running?

Is this happening only with this server?
Please use the fw monitor and fw ctl zdebug drop | grep ip (ie: fw ctl zdebug drop | grep 10.0.0.1) to check if there are any drops or if the traffic is reaching or leaving the firewall.
____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Ravindra_Yadav
Participant
‎2019-09-17 06:51 AM
In response to FedericoMeiners

It R80.10 with latest hotfix.
Traffic is reaching for sure when I point it to individual cluster member as gateway. But It didn't not work I use cluster IP as gateway.
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-17 07:21 AM
In response to Ravindra_Yadav

Check with cphaprob stat
which of the 2 members is the active member.
Then you can use cphaprob -a if
to check the interfaces that are active.
Regards, Maarten
0 Kudos
Nick_Doropoulos
Advisor
‎2019-09-17 07:40 AM

Hello Ravindra,

In addition to what has already been suggested, could you please give us some background information on the setup of the cluster? In other words, did you configure a cluster right from the start (while going through the first time configuration wizard) or did you start with a single gateway and then tried to configure it as a cluster with another gateway?

Many thanks.

0 Kudos
Ravindra_Yadav
Participant
‎2019-09-17 10:58 PM
In response to Nick_Doropoulos

Hi Nick,
This cluster is already working since last 2 year. All other devices in the same segment has gateway as cluster IP and they are working fine. Only specific to these 2 new server I am facing issue.

Thanks.
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-18 02:18 AM
In response to Ravindra_Yadav

Have you looked at the ARP table for these servers? When you try to ping the VIP, do you see the MAC for that IP? Have you enabled vMAC on the cluster object? If not please try this, sometimes an OS could be to intelligent and say: hey there are 2 IP's with the same MAC, I will not allow that...
Regards, Maarten
0 Kudos
Ravindra_Yadav
Participant
‎2019-09-19 01:36 AM
In response to Maarten_Sjouw

I got one observation. On my server, I am getting MAC of standby firewall again cluster IP. Why is this happening, I should get active firewall MAC against cluster IP, correct ? We are not using vMAC on cluster.
0 Kudos
Tracy_Hazlett
Participant
‎2020-04-22 05:39 AM
In response to Ravindra_Yadav

We are having a similar issue, did you find a resolution for this?  Thanks.  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top