Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Adnan_Saleem
Participant

Monitoring standby member in a cluster

Hi,

is there a way we can monitor the remote site standby cluster member to make sure its up in case the active member dies the standby takes over? We have IPSec tunnel between remote side and the data center.

Thanks.

-Adnan

0 Kudos
7 Replies
ED
Advisor

Hi,

On your remote site gateway cluster property, ClusterXL and VRRP there is a tracking option there when there is changes in the status of cluster members. Default is set to Log. Change it to forexample Mail alert to recieve an mail each time there is a change. 

Adnan_Saleem
Participant

Thanks Enis,

This is what we do to get alerts when the active member becomes standby. But we had a situation where our monitoring tool was monitoring active firewall and the standby firewall's AC adapter was died. Unfortunately, the active firewall died and there was not 'standby' firewall available to fail over. 

Thanks.

-Adnan

0 Kudos
XBensemhoun
Employee
Employee

The best practices is - off course - to monitor each nodes of clusters using snmp and snmp-trap‌

You can use Best Practices - SNMP .

Do you have such monitoring tools?

Information Security enthusiast, CISSP, CCSP
Kim_Moberg
Advisor

Maybe om could filter on cluster member events in messages and dmesg?

 Each important cluster event that affects the Cluster Members has a unique code that appears in the /var/log/messages file and dmesg.

Each cluster event message starts with the prefix CLUS-XXXXXX.

  • The first digit can distinguish between events of the local/remote members: <1 - local | 2 - remote>
  • State event codes are unique and have a separate explanation.
  • The Second Third and Four digits describe the event topic for easier filtering.
    • Policy event codes can be filtered by X200XX
    • PNotes and Sync problem event codes can be filtered by X201XX
    • Cluster Under Load event codes can be filtered by X202XX

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Best Regards
Kim
0 Kudos
Demith_Samaraw2
Contributor

I guess nothing much can be done from the CP side, your best bet would be to rely on a external network monitoring tool (any snmp based monitoring tool will do)

0 Kudos
Vladimir
Champion
Champion

Please take a look at the R80.20 Ongoing GHFA Take_80: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

It seems to address the SSH and WebUI access to the Standby cluster member via VPN, as described here:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

and CP is no longer recommending changing the flag fwha_forw_packet_to_not_active flag, as described here:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I'd be interested to know if SNMP is working with Take_80 as well.

 

Regards,

Vladimir

 

 

Kim_Moberg
Advisor

Hi

CheckPoint PRO support would also be an alternative.

it is proactively monitoring your appliances and auto generate TAC request and they can ship a new device before you notice it.

if you have a snmp server you can keep track of the state of the cluster nodes. There is a SK on this but stille you have to now which snmp tags to track and alert from.

Best Regards
Kim
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events