
R77.20.86 Cluster in bridge in Active/Standby mode is supported in 1400 appliances

Check Point 1400 Appliances Centrally Managed R77.20.86 Administration Guide contains the following statement: Cluster in bridge in Active/Standby mode is supported in 1400 appliances

The setup consists of two 1450 running R77.20.86 centrally managed by SMS R80.20, each 1450 having the WAN interface bridged to LAN1 (br0 interface has an IP on each appliance in the same subnet) to be part of a HA Cluster. 

After a lot of fiddling with the configurations, the cluster got configured; however, one appliance is "Ok" and the other "Disconnected" (cannot even ping it).

Does anyone have some experience with this type of configuration and care to share any hints/details about the designed/expected behavior?

Regards,

Florin

0 Kudos
4 Replies
Platinum

Please paste here output from these commands on both members:

# cphaprob stat

# cphaprob -a if

Remember to obfuscate any public IPs in the output.

0 Kudos

Outputs below:

Member2 (member1 is “disconnected” at this time)

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1          192.168.212.3   ClusterXL Inactive or Machine is Down
2 (local)  192.168.212.2   Active

cphaprob -a if

Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), broadcast
LAN2       UP                    sync(secured), broadcast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), broadcast
br0        Disconnected          non sync(non secured), broadcast

Bringing down member2, outputs for member1:

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1 (local)  192.168.212.3   Active Attention

cphaprob -a if

Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), broadcast
LAN2       UP                    sync(secured), broadcast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       DOWN (69.5 secs)      non sync(non secured), broadcast
br0        Disconnected          non sync(non secured), broadcast

Virtual cluster interfaces: 1

LAN1            192.168.200.1

0 Kudos
Sapphire

With SMB, only one cluster node is configured; the HA node only copies the settings from the active node. So I would try to reset the standby node and configure it again following Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.85 p.14ff!

0 Kudos

From the standby member:

cphaprob -a if                                               
Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), multicast
LAN2       UP                    sync(secured), multicast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), multicast
br0        Disconnected          non sync(non secured), broadcast

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1          192.168.212.3   Active
2 (local)  192.168.212.2   Active

I cannot connect to the "active" unless I stop the standby member (I got no (ssh, https_4434, icmp) traffic).

Once I run cphastop:

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1 (local)  192.168.212.3   Active
2          192.168.212.2   ClusterXL Inactive or Machine is Down

cphaprob -a if

Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), broadcast
LAN2       UP                    sync(secured), broadcast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), broadcast
br0        Disconnected          non sync(non secured), broadcast

In this state, I can ssh to both gateways.

0 Kudos
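
An added example, not part of any post in this thread: a small Python check, meant to run on an admin workstation over saved `cphaprob stat` output, that flags the conditions visible in the outputs above (two members both Active in High Availability mode, a member in a state other than Active or Standby, a missing peer). The sample text is copied from the outputs posted in the thread; the function names and finding labels are illustrative assumptions.

```python
import re

# Member rows as posted in the thread, e.g. "2 (local)  192.168.212.2   Active".
ROW = re.compile(r"^\s*(\d+)\s*(\(local\))?\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(.+?)\s*$")
HEALTHY = ("Active", "Standby")  # assumption: the normal HA member states

def parse_stat(text):
    """Return (mode, {member_id: (is_local, address, state)})."""
    mode, members = "", {}
    for line in text.splitlines():
        if line.startswith("Cluster Mode:"):
            mode = line.split(":", 1)[1].strip()
        m = ROW.match(line)
        if m:
            members[int(m.group(1))] = (bool(m.group(2)), m.group(3), m.group(4))
    return mode, members

def check_view(text):
    """List findings for one member's view of the cluster."""
    mode, members = parse_stat(text)
    issues = []
    active = sorted(i for i, (_, _, s) in members.items() if s == "Active")
    # In High Availability only one member should be forwarding traffic.
    if mode.startswith("High Availability") and len(active) > 1:
        issues.append(("multiple-active", active))
    for i, (_, _, state) in sorted(members.items()):
        if state not in HEALTHY:
            issues.append(("unhealthy-state", i, state))
    if len(members) < 2:
        issues.append(("peer-missing", sorted(members)))
    return issues

HEADER = ("Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership\n\n"
          "Number     Unique Address  Firewall State (*)\n\n")
# Views copied from the outputs posted in the thread.
BOTH_ACTIVE = HEADER + "1          192.168.212.3   Active\n2 (local)  192.168.212.2   Active\n"
ALONE = HEADER + "1 (local)  192.168.212.3   Active Attention\n"
PEER_DOWN = HEADER + ("1 (local)  192.168.212.3   Active\n"
                      "2          192.168.212.2   ClusterXL Inactive or Machine is Down\n")

if __name__ == "__main__":
    for name, view in (("both active", BOTH_ACTIVE), ("alone", ALONE), ("peer down", PEER_DOWN)):
        print(name, check_view(view))
```

Running the check against the view saved from each member separately shows whether the two members disagree about who is Active.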