Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Florin_Dumitru
Participant

R77.20.86 Cluster in bridge in Active/Standby mode is supported in 1400 appliances

Check Point 1400 Appliances Centrally Managed R77.20.86 Administration Guide contains the following statement: Cluster in bridge in Active/Standby mode is supported in 1400 appliances

The setup consists of two 1450 running R77.20.86 centrally managed by SMS R80.20, each 1450 having the WAN interface bridged to LAN1 (br0 interface has an IP on each appliance in the same subnet) to be part of a HA Cluster. 

After a lot of fiddling with the configurations, the cluster got configured however, one appliance is "Ok" and the other "Disconnected" (cannot even ping it).

Does anyone have some experience with this type of configuration and care to share any hints/details about the designed/expected behavior?

Regards,

Florin

0 Kudos
4 Replies
HristoGrigorov

Please paste here output from these commands on both members:

# cphaprob stat

# cphaprob -a if

Remember to obfuscate any public IPs in the output.

0 Kudos
Florin_Dumitru
Participant

Outputs below:

Member2 (member1 is “disconnected” at this time)

cphaprob stat

 

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

 

Number     Unique Address  Firewall State (*)

 

1          192.168.212.3   ClusterXL Inactive or Machine is Down

2 (local)  192.168.212.2   Active

 

cphaprob -a if

 

Required interfaces: 1

Required secured interfaces: 1

 

WAN        Disconnected          non sync(non secured), broadcast

LAN2       UP                    sync(secured), broadcast

LAN6       Disconnected          non sync(non secured), broadcast

LAN1       Disconnected          non sync(non secured), broadcast

br0        Disconnected          non sync(non secured), broadcast

 

Bringing down memeber2, outputs for member1:

 

cphaprob stat

 

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

 

Number     Unique Address  Firewall State (*)

 

1 (local)  192.168.212.3   Active Attention

 

cphaprob -a if

 

Required interfaces: 1

Required secured interfaces: 1

 

WAN        Disconnected          non sync(non secured), broadcast

LAN2       UP                    sync(secured), broadcast

LAN6       Disconnected          non sync(non secured), broadcast

LAN1       DOWN (69.5 secs)      non sync(non secured), broadcast

br0        Disconnected          non sync(non secured), broadcast

 

Virtual cluster interfaces: 1

 

LAN1            192.168.200.1

0 Kudos
G_W_Albrecht
Legend
Legend

With SMB, only one cluster node is configured, the HA node only copies the settings from the active node. So i would try to reset the standby node and configure it again following Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.85 p.14ff !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Florin_Dumitru
Participant

From the standby member:

cphaprob -a if                                               
Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), multicast
LAN2       UP                    sync(secured), multicast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), multicast
br0        Disconnected          non sync(non secured), broadcast

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1          192.168.212.3   Active
2 (local)  192.168.212.2   Active

I cannot connect to the "active" unless is stop the standby member (I got no (ssh, https_4434, icmp) traffic.

Once I run cphastop:

 cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1 (local)  192.168.212.3   Active
2          192.168.212.2   ClusterXL Inactive or Machine is Down

cphaprob -a if

Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), broadcast
LAN2       UP                    sync(secured), broadcast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), broadcast
br0        Disconnected          non sync(non secured), broadcast

In this state, I can ssh to both gateways.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events