Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mick_Woodman
Explorer

Do the Check Point 1200R devices have an automatic failback option

I am clustering 2 Checkpoint 1200R devices. When I fail over the primary unit to the secondary device, all is good. When the primary unit is restored, is there an option to fail back the unit automatically ?

0 Kudos
12 Replies
Danny
Champion Champion
Champion

Yes, that is possible. You can configure this in SmartDashboard within the ClusterXL settings of the cluster object.

Define priorities within 'Cluster Members', then select 'Switch to higher priority Cluster Member' within 'ClusterXL'.

0 Kudos
Mick_Woodman
Explorer

Hi Danny

I appreciate you prompt response, however, I don't have access to SmartDashboard. I am using FireFox (Internet Explorer) to access these devices via the GUI interface. My only other option is via the console interface using CLI. 

Regards

Mick W

0 Kudos
Danny
Champion Champion
Champion

Then read my 1400 Appliance FAQ, it's good for 1200R's as well.

First, you should use Google's Chrome Browser.

Second, while there is no 'Switch to primary cluster member' option directly available in the WebUI when locally managing 1200R clusters, you can easily setup a trivial Bash script that is running on the primary member checking the cluster status. If the secondary member is 'Active' and the primary one 'Standby', the Bash script would simply issue the command 'clusterXL_admin down; clusterXL_admin up' on the secondary cluster member.

0 Kudos
Mick_Woodman
Explorer

Thanks Danny, I appreciate your help. I'll give it a try.

0 Kudos
G_W_Albrecht
Legend
Legend

This is a known SMB limitation:

sk111854 1100 ClusterXL does not fail-back to Primary member  says that after a fail-over of the 1100 HA Cluster, when the Primary member is eligible again to resume handling the traffic, a fail back does not occur, and the former Secondary member continues handling the traffic instead. No fix is required; the system is functioning as designed.

So either leave it as it is - the nodes are in sync and it does not matter which one of both is active (that is different to GAiA Full Management HA), do a manual failover (the procedure from sk111854) or use the script from Dannys suggestion.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Mick_Woodman
Explorer

Hi Gunther, thanks very much for your help.

0 Kudos
VENKAT_S_P
Collaborator

Do we have a shutdown command in 1200R?

0 Kudos
G_W_Albrecht
Legend
Legend


[Expert@1200R]# shutdown
Usage:    shutdown [-akrhPHfFnc] [-t sec] time [warning message]
                  -a:      use /etc/shutdown.allow
                  -k:      don't really shutdown, only warn.
                  -r:      reboot after shutdown.
                  -h:      halt after shutdown.
                  -P:      halt action is to turn off power.
                  -H:      halt action is to just halt.
                  -f:      do a 'fast' reboot (skip fsck).
                  -F:      Force fsck on reboot.
                  -n:      do not go through "init" but go down real fast.
                  -c:      cancel a running shutdown.
                  -t secs: delay between warning and kill signal.
                  ** the "time" argument is mandatory! (try "now") **

CCSE CCTE CCSM SMB Specialist
G_W_Albrecht
Legend
Legend

Even this is possible:

[Expert@1200R]# halt
Are you sure? (y/n)

CCSE CCTE CCSM SMB Specialist
VENKAT_S_P
Collaborator

Thank you, this helps.

0 Kudos
VENKAT_S_P
Collaborator

I gave all these commands, but i never see my firewall goes down - i have active serial connection.

1) halt

2) shutdown -h 0

3) shutdown -h -P 0

 

All the commands gave this general message:

The system is going down for system halt NOW!

My LED is solid green.

I assume as there is power-on button, its mandatory to remove the power-source from the unit.

0 Kudos
HristoGrigorov

Same is on 1470. I am not sure that is even supposed to work. While 'halt' is only supposed to halt OS, 'halt -P' is also supposed to send ACPI command to PSU to cut off power from device. Because SMB is using external PSU I do not think it is possible to send ACPI commands to it.

Power off button will do the same as disconnecting PSU from device. Both of them require to go to the device that in some case might be a problem.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events