This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
a week ago

clusterXL_monitor_ips Script

Is it supported to run "clusterXL_monitor_ips Script" with Maestro ?

Following The clusterXL_monitor_ips Script (checkpoint.com) and How to configure $FWDIR/bin/clusterXL_monitor_ips script to run automatically on Gaia / SecurePlatfo... we want to monitor some external IP addresses and initialize a failover. We want todo this in a Maestro Dual-Site environment and VSX, one of the VS should be failover to the standby site if one of the monitored IPs does not answer.

0 Kudos
7 Replies
Dario_Perez
Employee Employee
Employee
a week ago

I dont' think that is supported, this feature is for HA cluster and maestro A/A cluster. anyway if you have this configuration would mark a mismatch on db config. 

0 Kudos
Wolfgang
Authority
Authority
a week ago
In response to Dario_Perez

@Dario_Perez we want this for a Dual-Site Maestro and failover only between sites not for local site.

0 Kudos
Dario_Perez
Employee Employee
Employee
a week ago
In response to Wolfgang

Right, but if for example, you have 3 SGM per site. you have to edit 3 files on each site, therefore this might be a database inconsistence. 

0 Kudos
emmap
Employee
Employee
a week ago

The SK article states that it does not apply to VSX and/or Scalable Platforms, which includes Maestro, so I'd suggest it's not supported. Whether that's just because it's not QA'd or if it actually doesn't work I don't know. Likely each SGM would be monitoring an triggering the pnote independently, and causing weirdness with where the pings go with correction layers etc. 

0 Kudos
Wolfgang
Authority
Authority
Wednesday
In response to emmap

  • This article does not apply to VRRP clusters or Scalable Platforms.
  • This article applies to VSX clusters as well.

@emmap my understanding of the sk VSX yes, but scalable platform not.

Any other way to probe a host different from the gateway address and behind the gateway not in the local attached subnet of an interface ? We found a limitation in an environment….. we can loose WAN connectivity but the interface and gateway address will be available in this case. That‘s why we want to monitor something behind the gateway and trigger a failover.

0 Kudos
Dario_Perez
Employee Employee
Employee
Wednesday
In response to Wolfgang

Not sure if we have other way to do that, but IP host monitoring is the best approach, that is an admin down or the Gateway if you lose the connectivity on site two and want to recover site 1, that would be a full outage, since the other side need an admin up As Far I remember. dynamic routing might help here 

0 Kudos
emmap
Employee
Employee
Wednesday
In response to Wolfgang

Yes my apologies, I was tired and the site wasn't working properly when I wrote that. So yea, VSX yes SP no. 

Is there something you can do on the upstream device to shut the interface to site 1 when WAN goes down?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events