Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nabil_l
Contributor
Jump to solution

Checkpoint Maestro LACP Bond Issue

Dear Experts

I am stuck in one situation and need help from yours team. I have created 3 bond interface in Bond10 (eth1-05,eth1-06,eth2-05,eth2-06), Bond20(eth1-07,eth2-07), Bond30(eth1-08,eth2-08). All physical interfaces are up. but when i check on switch side only interfaces of MHO-2 are showing up in LACP but no interfaces that belong to MHO-1 are up. When i shutdown MHO-2 connected interfaces on switch side than both all Interfaces in Bond(LACP) are down at that time. Why MHO-1 connected interface are not participating in LACP BOND. During troubleshooting i get to know switch is sending lacp pdu but not receiving any from MHO-1 Interfaces. Kindly help me to resolve this issue. I am using R82(Take 91). And currently there is no SMS, just MHO-1 and MHO-2 and 2 SGM connected and this is new setup and after 1-2 days i will be migrating SMS and make SMS up. But for now i have facing this bond related issue.

0 Kudos
1 Solution

Accepted Solutions
nabil_l
Contributor

After Rebooting MHO-1, Issue resolved. but i dont understand what was the issue.

View solution in original post

0 Kudos
9 Replies
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

Are all the interfaces connected to the same switch? Have you rebooted your SGMs? 

0 Kudos
nabil_l
Contributor

From MHO-1 to Switch-1 and From MHO-2 to Switch-2 and switch are Huawei switch and are in Stack and on same switch there are other LACP connection too which are working fine. I need to reboot SGMs means all SMG one by one? 

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

Are the switches presenting a single LACP bond across both of them for each bond? The interfaces from both MHOs are all in one LACP bond for each bond configured at the security group.

0 Kudos
nabil_l
Contributor

Yes the switches presenting a single LACP bond across both of them for each bond and yes the interfaces from both MHOs are all in one LACP bond for each bond configured at the security group.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

The LACP negotiation happens at the SMO SGM, is it active and behaving? If you have added multiple SGMs to your SG then only one of them will be active if there's no policy on it, check that one for troubleshooting. You should see useful information in the /proc/net/bonding/bondXX file for each bond.

0 Kudos
nabil_l
Contributor

[Global] NDC-CP-CORE-s01-02> cphaprob stat

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 192.0.2.1 0% DOWN NDC-CP-CORE-s01-01
2 (local) 192.0.2.2 100% ACTIVE(!) NDC-CP-CORE-s01-02


Active PNOTEs: FSYNC

Last member state change event:
Event Code: CLUS-116505
State change: DOWN -> ACTIVE(!)
Reason for state change: All other machines are dead (timeout), FULLSYNC PNOTE - Policy installation failure, There is no valid license(sk11054) Policy installation failure, There is no valid license(sk11
Event time: Sat Jun 6 07:35:10 2026

0 Kudos
nabil_l
Contributor

After Rebooting MHO-1, Issue resolved. but i dont understand what was the issue.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

There's a few things it could be, but glad it's resolved now.

0 Kudos
nabil_l
Contributor

SGM-1 = Port 1 to MHO-1 Port 27 and SGM-1 = Port 2 to MHO-2 Port 27 and from SGM-2 = Port 1 to MHO-1 Port 28 and SGM-2 = Port 2 to MHO-2 Port 28

0 Kudos