This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Adnan_Saleem
Participant
‎2018-05-23 08:17 AM

Monitoring standby member in a cluster

Hi,

is there a way we can monitor the remote site standby cluster member to make sure its up in case the active member dies the standby takes over? We have IPSec tunnel between remote side and the data center.

Thanks.

-Adnan

0 Kudos
7 Replies
ED
Advisor
‎2018-05-24 12:53 AM

Hi,

On your remote site gateway cluster property, ClusterXL and VRRP there is a tracking option there when there is changes in the status of cluster members. Default is set to Log. Change it to forexample Mail alert to recieve an mail each time there is a change. 

Adnan_Saleem
Participant
‎2018-05-24 06:04 AM

Thanks Enis,

This is what we do to get alerts when the active member becomes standby. But we had a situation where our monitoring tool was monitoring active firewall and the standby firewall's AC adapter was died. Unfortunately, the active firewall died and there was not 'standby' firewall available to fail over. 

Thanks.

-Adnan

0 Kudos
XavierBens
Employee
Employee
‎2018-05-25 07:27 AM
In response to Adnan_Saleem

The best practices is - off course - to monitor each nodes of clusters using snmp and snmp-trap‌

You can use Best Practices - SNMP .

Do you have such monitoring tools?

Cybersecurity Evangelist, CISSP, CCSA-CCAS-CCCS-CCTA
Kim_Moberg
Advisor
‎2019-06-08 11:32 AM
In response to XavierBens

Maybe om could filter on cluster member events in messages and dmesg?

 Each important cluster event that affects the Cluster Members has a unique code that appears in the /var/log/messages file and dmesg.

Each cluster event message starts with the prefix CLUS-XXXXXX.

  • The first digit can distinguish between events of the local/remote members: <1 - local | 2 - remote>
  • State event codes are unique and have a separate explanation.
  • The Second Third and Four digits describe the event topic for easier filtering.
    • Policy event codes can be filtered by X200XX
    • PNotes and Sync problem event codes can be filtered by X201XX
    • Cluster Under Load event codes can be filtered by X202XX

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Best Regards
Kim
0 Kudos
Demith_Samaraw2
Contributor
‎2018-05-24 10:16 PM

I guess nothing much can be done from the CP side, your best bet would be to rely on a external network monitoring tool (any snmp based monitoring tool will do)

0 Kudos
Vladimir
Champion
Champion
‎2019-05-28 10:36 AM

Please take a look at the R80.20 Ongoing GHFA Take_80: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

It seems to address the SSH and WebUI access to the Standby cluster member via VPN, as described here:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

and CP is no longer recommending changing the flag fwha_forw_packet_to_not_active flag, as described here:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I'd be interested to know if SNMP is working with Take_80 as well.

 

Regards,

Vladimir

 

 

Kim_Moberg
Advisor
‎2019-05-28 09:33 PM
In response to Vladimir

Hi

CheckPoint PRO support would also be an alternative.

it is proactively monitoring your appliances and auto generate TAC request and they can ship a new device before you notice it.

if you have a snmp server you can keep track of the state of the cluster nodes. There is a SK on this but stille you have to now which snmp tags to track and alert from.

Best Regards
Kim
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top