This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mick_Woodman
Explorer
‎2018-04-10 02:06 PM

Do the Check Point 1200R devices have an automatic failback option

I am clustering 2 Checkpoint 1200R devices. When I fail over the primary unit to the secondary device, all is good. When the primary unit is restored, is there an option to fail back the unit automatically ?

0 Kudos
12 Replies
Danny
Champion Champion
Champion
‎2018-04-10 09:50 PM

Yes, that is possible. You can configure this in SmartDashboard within the ClusterXL settings of the cluster object.

Define priorities within 'Cluster Members', then select 'Switch to higher priority Cluster Member' within 'ClusterXL'.

0 Kudos
Mick_Woodman
Explorer
‎2018-04-10 10:07 PM
In response to Danny

Hi Danny

I appreciate you prompt response, however, I don't have access to SmartDashboard. I am using FireFox (Internet Explorer) to access these devices via the GUI interface. My only other option is via the console interface using CLI. 

Regards

Mick W

0 Kudos
Danny
Champion Champion
Champion
‎2018-04-10 11:41 PM
In response to Mick_Woodman

Then read my 1400 Appliance FAQ, it's good for 1200R's as well.

First, you should use Google's Chrome Browser.

Second, while there is no 'Switch to primary cluster member' option directly available in the WebUI when locally managing 1200R clusters, you can easily setup a trivial Bash script that is running on the primary member checking the cluster status. If the secondary member is 'Active' and the primary one 'Standby', the Bash script would simply issue the command 'clusterXL_admin down; clusterXL_admin up' on the secondary cluster member.

0 Kudos
Mick_Woodman
Explorer
‎2018-04-11 02:27 PM
In response to Danny

Thanks Danny, I appreciate your help. I'll give it a try.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-04-11 01:13 AM

This is a known SMB limitation:

sk111854 1100 ClusterXL does not fail-back to Primary member  says that after a fail-over of the 1100 HA Cluster, when the Primary member is eligible again to resume handling the traffic, a fail back does not occur, and the former Secondary member continues handling the traffic instead. No fix is required; the system is functioning as designed.

So either leave it as it is - the nodes are in sync and it does not matter which one of both is active (that is different to GAiA Full Management HA), do a manual failover (the procedure from sk111854) or use the script from Dannys suggestion.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mick_Woodman
Explorer
‎2018-04-11 02:28 PM
In response to G_W_Albrecht

Hi Gunther, thanks very much for your help.

0 Kudos
VENKAT_S_P
Collaborator
‎2018-05-10 03:02 PM

Do we have a shutdown command in 1200R?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-05-11 02:13 AM
In response to VENKAT_S_P


[Expert@1200R]# shutdown
Usage:    shutdown [-akrhPHfFnc] [-t sec] time [warning message]
                  -a:      use /etc/shutdown.allow
                  -k:      don't really shutdown, only warn.
                  -r:      reboot after shutdown.
                  -h:      halt after shutdown.
                  -P:      halt action is to turn off power.
                  -H:      halt action is to just halt.
                  -f:      do a 'fast' reboot (skip fsck).
                  -F:      Force fsck on reboot.
                  -n:      do not go through "init" but go down real fast.
                  -c:      cancel a running shutdown.
                  -t secs: delay between warning and kill signal.
                  ** the "time" argument is mandatory! (try "now") **

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
Legend Legend
Legend
‎2018-05-11 02:15 AM
In response to VENKAT_S_P

Even this is possible:

[Expert@1200R]# halt
Are you sure? (y/n)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
VENKAT_S_P
Collaborator
‎2018-05-11 07:23 AM
In response to G_W_Albrecht

Thank you, this helps.

0 Kudos
VENKAT_S_P
Collaborator
‎2018-05-21 12:33 PM
In response to G_W_Albrecht

I gave all these commands, but i never see my firewall goes down - i have active serial connection.

1) halt

2) shutdown -h 0

3) shutdown -h -P 0

 

All the commands gave this general message:

The system is going down for system halt NOW!

My LED is solid green.

I assume as there is power-on button, its mandatory to remove the power-source from the unit.

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2018-05-21 08:37 PM
In response to VENKAT_S_P

Same is on 1470. I am not sure that is even supposed to work. While 'halt' is only supposed to halt OS, 'halt -P' is also supposed to send ACPI command to PSU to cut off power from device. Because SMB is using external PSU I do not think it is possible to send ACPI commands to it.

Power off button will do the same as disconnecting PSU from device. Both of them require to go to the device that in some case might be a problem.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top