Ravindra_Yadav
Participant

Issue with Checkpoint cluster

Dear Team,

I am facing a connectivity issue with one of my servers. When I point to the cluster IP as the gateway, I am not able to reach the device, but when I configure an individual cluster member as the gateway, it works perfectly fine. What could be the issue? My Checkpoint cluster is in HA mode.

0 Kudos
8 Replies
FedericoMeiners
Advisor

Ravindra,
Can you please share with us which Gaia version and JHG you are running?

Is this happening only with this server?
Please use the fw monitor and fw ctl zdebug drop | grep ip (ie: fw ctl zdebug drop | grep 10.0.0.1) to check if there are any drops or if the traffic is reaching or leaving the firewall.
____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Ravindra_Yadav
Participant

It is R80.10 with the latest hotfix.
Traffic is reaching for sure when I point it to an individual cluster member as the gateway. But it does not work when I use the cluster IP as the gateway.
0 Kudos
Maarten_Sjouw
Champion

Check with cphaprob stat which of the 2 members is the active member.
Then you can use cphaprob -a if to check the interfaces that are active.
Regards, Maarten
0 Kudos
Nick_Doropoulos
Advisor

Hello Ravindra,

In addition to what has already been suggested, could you please give us some background information on the setup of the cluster? In other words, did you configure a cluster right from the start (while going through the first time configuration wizard) or did you start with a single gateway and then try to configure it as a cluster with another gateway?

Many thanks.

0 Kudos
Ravindra_Yadav
Participant

Hi Nick,
This cluster has already been working for the last 2 years. All other devices in the same segment have the cluster IP as their gateway and they are working fine. I am facing the issue only with these 2 new servers.

Thanks.
0 Kudos
Maarten_Sjouw
Champion

Have you looked at the ARP table for these servers? When you try to ping the VIP, do you see the MAC for that IP? Have you enabled vMAC on the cluster object? If not, please try this; sometimes an OS could be too intelligent and say: hey, there are 2 IPs with the same MAC, I will not allow that...
Regards, Maarten
0 Kudos
Ravindra_Yadav
Participant

I got one observation. On my server, I am getting the MAC of the standby firewall against the cluster IP. Why is this happening? I should get the active firewall's MAC against the cluster IP, correct? We are not using vMAC on the cluster.
0 Kudos
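
The ARP comparison discussed in the posts above, as an added example that is not part of any participant's post: it reads a Linux neighbour table (`ip neigh show` output) and reports whether the cluster VIP is cached with the MAC of the active member, the standby member, or some other MAC. It assumes the affected server runs Linux and that both member IPs are already in its neighbour cache; the function names, addresses and MACs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whose MAC a Linux host has
# cached for the cluster VIP. Reads `ip neigh show` output on stdin.
# vip_owner and sample_neigh are hypothetical names.
vip_owner() {   # args: VIP ACTIVE_MEMBER_IP STANDBY_MEMBER_IP
    awk -v vip="$1" -v act="$2" -v sby="$3" '
        {   # line format: IP dev IFACE lladdr MAC STATE
            mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            if (mac != "") seen[$1] = mac
        }
        END {
            if (!(vip in seen)) { print "unresolved"; exit }
            if ((act in seen) && seen[vip] == seen[act]) { print "active"; exit }
            if ((sby in seen) && seen[vip] == seen[sby]) { print "standby"; exit }
            print "other:" seen[vip]
        }'
}

# Constructed neighbour table: VIP 192.0.2.1, members 192.0.2.2 and 192.0.2.3.
# The VIP is cached with the MAC of 192.0.2.3, as in the observation above.
sample_neigh() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:02 REACHABLE
192.0.2.2 dev eth0 lladdr 00:00:5e:00:53:01 STALE
192.0.2.3 dev eth0 lladdr 00:00:5e:00:53:02 STALE
192.0.2.50 dev eth0 FAILED
EOF
}

# Active member taken as 192.0.2.2 (in practice, from cphaprob stat).
sample_neigh | vip_owner 192.0.2.1 192.0.2.2 192.0.2.3
```

On a live server, ping both member addresses first so they appear in the cache, then pipe `ip neigh show` into `vip_owner` with the VIP and the member IPs that `cphaprob stat` reports as active and standby.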
Tracy_Hazlett
Explorer

We are having a similar issue, did you find a resolution for this? Thanks.

0 Kudos
