Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
KnutG
Participant
Jump to solution

Logical server failover not working

We have a problem with Connectcontrol and logical server with 2 hosts. When we take down one of the hosts behind the logical server it seems like it doesnt know that the host is down and keeps sending traffic towards it, witch result in error at the clientside ofcourse.

Any tips is appreciated

Rgds

Knut

0 Kudos
1 Solution

Accepted Solutions
KnutG
Participant

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

MicrosoftTeams-image (4).png

View solution in original post

0 Kudos
9 Replies
PhoneBoy
Admin
Admin

Review the following SK for supported configurations: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
I believe this is expected behavior since we're not monitoring the remote server at all. 

(1)
KnutG
Participant

Hi PhoneBoy

Thanks for the reply. 

According to the document you mention, it states this:

ConnectControl runs on the Security Gateway and does not impose any additional memory or processing requirements. It continuously checks the availability of each server, and if a server fails or is unreachable, ConnectControl stops directing connections to that server until it becomes available

However when a server becomes unavailable, no new connections can be made to any of the remaining servers in the group either? 

0 Kudos
_Val_
Admin
Admin

Hi @KnutG 

There is an internal note on that SK stating that this feature is considered a legacy one, and has not been developed or tested on any of the supported versions today. 

You may want to open a TAC request, to get an official answer here. Personally, I would advise putting an application load-balancer before the servers instead of using a ConnectControl feature. 

0 Kudos
KnutG
Participant

Thanks _Val_

We are trying to eliminate singel point of failure, so adding an extra point of failure is defeating the purpose.

Everything works very well as long as all members are alive, when one member dies, the gateway stops serving all request, when bringing the dead server online again every thing starts to act normal again and gets distributed evenly.

0 Kudos
_Val_
Admin
Admin

I understand. Look here, just in case: https://www.nginx.com/products/nginx/high-availability/

0 Kudos
KnutG
Participant

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

MicrosoftTeams-image (4).png

0 Kudos
_Val_
Admin
Admin

Great, I am happy it is working for you now. Legacy service note, it still stands 🙂

0 Kudos
Peter_Lyndley
Advisor
Advisor

Every available version of the admin guides, still states that Server Persistency - by server - works and is available to use - however it does not.

If there is an Internal SK note, not publically available, how are we meant to prove to customers that this feature is no longer there and they need a different solution ? Can someone double confirm that Server Persistency cannot work (due to no healthchecking of the servers) and make it public please.

PhoneBoy
Admin
Admin

We've recently updated https://support.checkpoint.com/results/sk/sk31162 to list the options that are supported.
It does not explicitly mention the "persistent server" option as unsupported, but I suspect it isn't.
I will see if we can get the SK updated with this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events