This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2025-05-14 12:27 AM

Simple Question

MVC is enable by deafult now? (FROM R81.20)

0 Kudos
15 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-05-14 12:38 AM

Just looking at the relevant administration guide it should be enabled manually. Perhaps someone else has different experience:

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

 

 

0 Kudos
RemoteUser
Advisor
‎2025-05-14 12:42 AM
In response to Tal_Paz-Fridman

I'll rephrase the question, shouldn't it be disabled by default?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-14 01:06 AM
In response to RemoteUser

You always have to enable it on the member(s) using:

set cluster member mvc on

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-14 12:47 AM

Why should it ? See the obstacles to policy install in sk177626 first ! Next limitation: Do not add, remove, or edit settings of cluster interfaces (IP addresses, Network Objectives, and so on) while in MVC, see https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

Idea of MVC is that You can upgrade to a newer version without a loss in connectivity (Zero Downtime Upgrade) and test the new version on some of the Cluster Members before you decide to upgrade the rest of the Cluster Members or revert the upgraded.

This also is not full HA clustering as failover will not fully work (depending on the version gap).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-14 01:04 AM

In R81.20 GA it is disabled. When you install any JHF take 14 and above it is enabled, so that you don't lose clustering during the JHF install process. This information is in the notes section of the JHF documentation.

In my R82 install it is disabled, I have not changed this configuration so I think this would be the default setting in R82.

0 Kudos
RemoteUser
Advisor
‎2025-05-14 01:35 AM
In response to emmap

Ok, you answered my question, so from JHF 14 onwards it is enabled by default, but I haven’t found where it says that in the JHF documentation.

Thank you very much, emmap

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-14 01:37 AM
In response to RemoteUser

It's in the Critical Information section (used to be called Important Notes) - search for PRJ-44444 in there and you'll see the entry,

RemoteUser
Advisor
‎2025-05-14 01:39 AM
In response to emmap

The Multi-Version Cluster feature is enabled by default to prevent traffic loss after a failover from a cluster member running a lower Jumbo Hotfix version.

 

Take 14

 

PRJ-44444

Thank you very much emma

0 Kudos
RemoteUser
Advisor
‎2025-05-14 01:46 AM
In response to emmap

Based on what's written here:

The Multi-Version Cluster feature is enabled by default to prevent traffic loss after a failover from a cluster member running a lower Jumbo Hotfix version.

it seems like it was enabled to solve issues related to Jumbo Hotfixes, but MVC isn’t designed for major versions... or am I missing something

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-14 01:51 AM
In response to RemoteUser

It is designed for version upgrades primarily, but there was something in the code that was updated in that JHF take that also triggered essentially the same thing, ie no cluster sync when one box has the JHF and the other doesn't. I don't have any further details on what changed though. 

0 Kudos
RemoteUser
Advisor
‎2025-05-14 01:55 AM
In response to emmap

Thank you very much for the explanation.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-14 02:06 AM
In response to RemoteUser

See ClusterXL Admin Guide: ClusterXL is supported only between identical Check Point software versions - all Cluster Members must be installed with identical Check Point software, including OS build and hotfixes.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
RemoteUser
Advisor
‎2025-05-14 02:08 AM
In response to G_W_Albrecht

Yes, that's true, but it's already happened to me a couple of times that I kept different JHF versions for a few days and nothing ever happened. Maybe I just got lucky, haha!

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-14 02:10 AM
In response to RemoteUser

As long as MVC is used...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
RemoteUser
Advisor
‎2025-05-14 02:12 AM
In response to G_W_Albrecht

After JHF 14 yes

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events