Solved: Logical server failover not working

KnutG · ‎2023-01-13

We have a problem with Connectcontrol and logical server with 2 hosts. When we take down one of the hosts behind the logical server it seems like it doesnt know that the host is down and keeps sending traffic towards it, witch result in error at the clientside ofcourse.

Any tips is appreciated

Rgds

Knut

KnutG · ‎2023-01-16

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

View solution in original post

PhoneBoy · ‎2023-01-13

Review the following SK for supported configurations: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I believe this is expected behavior since we're not monitoring the remote server at all.

KnutG · ‎2023-01-16

Hi PhoneBoy

Thanks for the reply.

According to the document you mention, it states this:

ConnectControl runs on the Security Gateway and does not impose any additional memory or processing requirements. It continuously checks the availability of each server, and if a server fails or is unreachable, ConnectControl stops directing connections to that server until it becomes available

However when a server becomes unavailable, no new connections can be made to any of the remaining servers in the group either?

_Val_ · ‎2023-01-16

Hi @KnutG

There is an internal note on that SK stating that this feature is considered a legacy one, and has not been developed or tested on any of the supported versions today.

You may want to open a TAC request, to get an official answer here. Personally, I would advise putting an application load-balancer before the servers instead of using a ConnectControl feature.

KnutG · ‎2023-01-16

Thanks _Val_

We are trying to eliminate singel point of failure, so adding an extra point of failure is defeating the purpose.

Everything works very well as long as all members are alive, when one member dies, the gateway stops serving all request, when bringing the dead server online again every thing starts to act normal again and gets distributed evenly.

_Val_ · ‎2023-01-16

I understand. Look here, just in case: https://www.nginx.com/products/nginx/high-availability/

KnutG · ‎2023-01-16

After fiddling back and forth we actually found the culprit.

Removed the checkmark for "Use persistent server mode" on the Logical server object and it works like a charm😀

_Val_ · ‎2023-01-16

Great, I am happy it is working for you now. Legacy service note, it still stands 🙂

Peter_Lyndley · ‎2023-10-09

Every available version of the admin guides, still states that Server Persistency - by server - works and is available to use - however it does not.

If there is an Internal SK note, not publically available, how are we meant to prove to customers that this feature is no longer there and they need a different solution ? Can someone double confirm that Server Persistency cannot work (due to no healthchecking of the servers) and make it public please.

PhoneBoy · ‎2023-10-09

We've recently updated https://support.checkpoint.com/results/sk/sk31162 to list the options that are supported.
It does not explicitly mention the "persistent server" option as unsupported, but I suspect it isn't.
I will see if we can get the SK updated with this.

Are you a member of CheckMates?

Logical server failover not working