This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mazin_D
Contributor
‎2019-07-08 03:25 AM

unable to ssh to Primary checkpoint R77.10

Hi,

we have cluster X checkpoint R77.10 , the primary one is up and running but I am not able to SSH to it , its prompted me with the username and password , when I enter the password I got the below message :

CLINFR0139 Couldn't open the tmp_env_vars: No such file or directory

from SmartView Monitor it shows as disconnected. the secondary is reachable via SSH and shows as OK in SmartView. I am new to checkpoint , and don't have support contract . can some help ? 

0 Kudos
13 Replies
_Val_
Admin
Admin
‎2019-07-08 04:21 AM

It might be HDD issue (out of space or corruption). Considering you are running an unsupported version and do not have a maintenance contract, your best option is to backup the machine on an external location and try rebooting. 

 

If it does not come up after reboot, reinstall and restore from backup.

0 Kudos
Mazin_D
Contributor
‎2019-07-08 04:27 AM
In response to _Val_

thanks for your reply Valeri , that's what I am planning to do. one question here, I read about fsck command in maintenance mode that could sort the issue. any thoughts ??

0 Kudos
_Val_
Admin
Admin
‎2019-07-08 04:32 AM
In response to Mazin_D

Yes, this is one more option, in case your drive has enough space, and the damage is not physical. 

You can do backup on external location from WebUI. Is it still working?

0 Kudos
Mazin_D
Contributor
‎2019-07-08 04:38 AM
In response to _Val_

no, that's not available. but as I mentioned the secondary is reachable and when rebooting, the traffic  should fails to the secondary. configuration wise I can backup the secondary as they should share the same. 

0 Kudos
_Val_
Admin
Admin
‎2019-07-08 05:05 AM
In response to Mazin_D

IPs will be different, but yes, you can figure out most of it from the secondary member

Mazin_D
Contributor
‎2019-07-12 01:02 AM
In response to _Val_

as expected the primary did not back up , its failing at checking the filesystems , and asking me to reboot in maintenance mode to run fsck , the issue that I cant get to maintenance mode , it only give me the option to from Gaia or boot manager, can you please advise ?

 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-07-08 05:47 AM

FYI: R77.10 is out of support.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-07-08 06:02 AM

You are out of disk space or memory on that primary member, or its hard drive has failed as Val said.  Since the primary firewall is showing as disconnected, that means that the cpd daemon is dead or impaired, and the fact that sshd can't get any resources for your incoming connection confirms that process/user space has insufficient resources to do anything.  However most traffic inspection operations take place in the kernel, which preallocates all its needed memory in RAM and has no dependence on the hard drive once successfully booted up.  If the hard drive has indeed failed, be prepared for the primary to not boot back up when you power cycle it.  Make sure your secondary member is ready to take over, and also anticipate that you'll need to do a restore on the primary after replacing the hard drive.

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
Mazin_D
Contributor
‎2019-07-08 06:37 AM
In response to Timothy_Hall

Thanks Tim for your input, I am planning to fail the traffic to the secondary by increasing its priority via SmartDashboard prior to the reboot of the primary. will update the thread after the reboot , finger cross its not a hard drive failure.

0 Kudos
Mazin_D
Contributor
‎2019-07-11 01:07 AM
In response to Mazin_D

Hi , 

just to let you know guys, increasing the standby priority from smartdashboard and push the policy failed to make the standby active. will go a head and physically reboot the primary to force failover, this is scheduled for tonight. will keep you posted., 

0 Kudos
Mazin_D
Contributor
‎2019-07-12 12:54 AM
In response to Timothy_Hall

Hi ,

I have rebooted the primary , the traffic has failed to the secondary but as you both expected the primary did not back up, its failing at checking the filesystems and I get below message :-

***please boot in the maintenance mode to repair the filesystems.

I rebooted the firewall but I can see " press any key to see the boot menu" , after the reboot , it goes first to memory check and then I have the choice to boot from gaia or boot manager. can someone help on how to boot in the maintenance mode ?

0 Kudos
Muhamad_Aizat_R
Participant
‎2020-06-24 10:32 PM
In response to Mazin_D

Have your issue settled ?

Can you please share what steps that you made..
0 Kudos
Mazin_D
Contributor
‎2020-06-25 02:03 AM
In response to Muhamad_Aizat_R

it was a corrupted file system, and as the hardware was out of support,  we ended up with new firewall and with R80.1. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top