One of the SGM from SG is not syncing the connecti...

Blason_R · ‎2024-10-02

Hi Team,

I am currently operating with MHO140 and three SGMs on R81. However, a few days ago, I encountered an unusual problem where traffic experienced a sudden drop for approximately ten minutes in a whole day while passing through Maestro. Consequently, last night, we made the decision to reboot the SGMs, opting to do so one at a time.

Initially, we rebooted one SGM, specifically m 1_3, which took about an hour and a half to complete. Once it came back online, I noticed that connections were not being processed through it. A check using the command g_fw tab -t connections -s revealed that connections were not syncing on the third node. I then logged in and halted the CP services, which restored functionality to all connections. As a result, I had to keep the third node offline.

Do you have any insights into what might be causing this issue?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

AkosBakos · ‎2024-10-03

Hi @Blason_R

Really R81? Which take? You don't consider to upgrade to R81.20 latest GA, before you dig deeper in the investigation?

Is this setup is a dual site setup?

I found this:

Each active connection has a backup entry on 1 SGM on the local site and 1 SGM on the other site. Whether NAT is involved or not this is the case.

https://community.checkpoint.com/t5/Maestro/Checkpoint-Maestro-Question/m-p/226326#M2846

----------------
\m/_(>_<)_\m/

One of the SGM from SG is not syncing the connections?