This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Shira
Participant
‎2022-10-06 06:35 AM

ISP redunancy issue.

Hi,

- We are having 44k device, where isp redundancy is enabled.

- R80.20 SP GAIA OS.

ch02-02 > cphaprob stat

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 192.0.*.* 33% ACTIVE FW-ch01-01
2 192.0.*.2 33% ACTIVE FW-ch01-02
3 192.0.*.3 33% ACTIVE FW-ch01-03
15 192.0.*.15 33% ACTIVE FW-ch02-01
16 (local) 192.0.*.16 33% ACTIVE FW-ch02-02
17 192.0.*.* 33% ACTIVE FW-ch02-03


Active PNOTEs: None

 

- cpstat fw shows isp redundnacy is proper

 

ISP link table
---------------------
|Name|Status|Role |
---------------------
|NKN |OK |Primary|  ----> works well (eth1-02)
|BSNL|OK |Backup | ----> does not work.(eth1-01)

---------------------

- All configuration seems fine, but the traffic through secondary link(BSNL) doesnot work.

 

traffic initiating frim checkpoint firewall

- FW-ch02-02 > ping -I eth1-01 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.
From 1**.2**.1**.**a icmp_seq=1 Destination Host Unreachable
From 1**.2**.1**.**a icmp_seq=2 Destination Host Unreachable

 

FW-ch02-02 > ping -I eth1-01 1**.2**.1**.**b
PING 1**.2**.1**.**b (1**.2**.1**.**b) from 1**.2**.1**.**a eth1-01: 56(84) bytes of data.
64 bytes from 1**.2**.1**.**b: icmp_seq=1 ttl=255 time=0.734 ms

 

- but when secondary isp directly connected to laptop, internet reachability is fine.

C:\Users\RS>tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 1**.2**.1**.**b
2 1 ms 1 ms 1 ms 172.24.221.154
3 * * * Request timed out.
4 * * * Request timed out.
5 11 ms 11 ms 11 ms 142.250.172.220
6 12 ms 12 ms 12 ms 172.253.68.113
7 14 ms 13 ms 13 ms 142.251.52.215
8 12 ms 12 ms 12 ms dns.google [8.8.8.8]

 

Let me know what else needs to be checked here.

Or anyone faced similar kind of issue previously.

 

Regards

Shira

 

 

 

 

 

 

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-10-06 09:27 AM

What JHF are you on?
ISP Redundancy isn't supported until JHF 305.
https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&so... 

On a separate note, R80.20SP will be End of Support in Feb 2023, so hopefully you are planning an upgrade in the near future.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events