This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alexander_Bykov
Explorer
‎2019-03-27 08:57 AM

R77.30 High high availability cluster nodes synchronization problem

Hello!
I have a problem with high availability cluster.
After additing 2 gatewalls to cluster have this output cphaprob state on both nodes:
1.PNG2.PNG

There are a lot of solutions when both nodes are down, but i did not find any SK about up nodes.


SmartView monitor show same information about each node

3.PNG

Im sorry if any rules of community was broken by this post, but i really need a help

6 Replies
Maarten_Sjouw
Champion
Champion
‎2019-03-27 02:38 PM

Did you enable cluster mode in cpconfig?
Have you pushed policy to both cluster members?
Did you just install a new Jumbo fix?
Push policy again and reboot both members.
Regards, Maarten
0 Kudos
Vladimir
Champion
Champion
‎2019-03-27 03:58 PM

A bit more information is required for us to get an idea of what is going on.

Please describe if:

1. You are creating a cluster from the scratch and both gateways were preconfigured via FTW as a cluster members

2. If you are creating a cluster object and adding to it existing gateways

3. If you have any other check point clusters on the same VLAN

4. What is the cluster's network topology is defined as

Cheers,

Vladimir

0 Kudos
Alexander_Bykov
Explorer
‎2019-03-28 12:47 AM
In response to Vladimir

"1. You are creating a cluster from the scratch and both gateways were preconfigured via FTW as a cluster members

 2. If you are creating a cluster object and adding to it existing gateways"

-I have tried both variants. Same problem each time

"3. If you have any other check point clusters on the same VLAN"

- No i have not

 

"4. What is the cluster's network topology is defined as"
-Simplified network plan:
План.PNG

 

 

 

 

 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-06 01:22 PM
In response to Alexander_Bykov

Check this:

1) ping the cluster member on sync interface and check layer 2 via arp entry:

# ping 192.168.2.101

# arp -an | grep 192.168.2.101

If you see "incompleted" then you have a layer 2 issue.

2) check the cluster ID. It sould the same on both gateways:

# tcpdump -vvv -nn -e -i eth<x> port 8116

3) check CCP protocol

# tcpdump -vvv -nn -e -i eth<x> port 8116

 

➜ CCSM Elite, CCME, CCTE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-06 01:24 PM
In response to HeikoAnkenbrand

Sorry here are the protocol details:

Screenshot_20190406-222507_Chrome.jpg

➜ CCSM Elite, CCME, CCTE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-06 01:29 PM
In response to Alexander_Bykov

More infos to CCP protocol and cluster ID here: 

R80.x - cheat sheet - ClusterXL

➜ CCSM Elite, CCME, CCTE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events