This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Florin_Dumitru
Participant
‎2019-04-26 09:30 PM

R77.20.86 Cluster in bridge in Active/Standby mode is supported in 1400 appliances

Check Point 1400 Appliances Centrally Managed R77.20.86 Administration Guide contains the following statement: Cluster in bridge in Active/Standby mode is supported in 1400 appliances

The setup consists of two 1450 running R77.20.86 centrally managed by SMS R80.20, each 1450 having the WAN interface bridged to LAN1 (br0 interface has an IP on each appliance in the same subnet) to be part of a HA Cluster. 

After a lot of fiddling with the configurations, the cluster got configured however, one appliance is "Ok" and the other "Disconnected" (cannot even ping it).

Does anyone have some experience with this type of configuration and care to share any hints/details about the designed/expected behavior?

Regards,

Florin

0 Kudos
4 Replies
HristoGrigorov
MVP Gold
MVP Gold
‎2019-04-28 08:30 PM

Please paste here output from these commands on both members:

# cphaprob stat

# cphaprob -a if

Remember to obfuscate any public IPs in the output.

0 Kudos
Florin_Dumitru
Participant
‎2019-05-01 08:57 PM
In response to HristoGrigorov

Outputs below:

Member2 (member1 is “disconnected” at this time)

cphaprob stat

 

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

 

Number     Unique Address  Firewall State (*)

 

1          192.168.212.3   ClusterXL Inactive or Machine is Down

2 (local)  192.168.212.2   Active

 

cphaprob -a if

 

Required interfaces: 1

Required secured interfaces: 1

 

WAN        Disconnected          non sync(non secured), broadcast

LAN2       UP                    sync(secured), broadcast

LAN6       Disconnected          non sync(non secured), broadcast

LAN1       Disconnected          non sync(non secured), broadcast

br0        Disconnected          non sync(non secured), broadcast

 

Bringing down memeber2, outputs for member1:

 

cphaprob stat

 

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

 

Number     Unique Address  Firewall State (*)

 

1 (local)  192.168.212.3   Active Attention

 

cphaprob -a if

 

Required interfaces: 1

Required secured interfaces: 1

 

WAN        Disconnected          non sync(non secured), broadcast

LAN2       UP                    sync(secured), broadcast

LAN6       Disconnected          non sync(non secured), broadcast

LAN1       DOWN (69.5 secs)      non sync(non secured), broadcast

br0        Disconnected          non sync(non secured), broadcast

 

Virtual cluster interfaces: 1

 

LAN1            192.168.200.1

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-05-02 03:11 AM
In response to Florin_Dumitru

With SMB, only one cluster node is configured, the HA node only copies the settings from the active node. So i would try to reset the standby node and configure it again following Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.85 p.14ff !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Florin_Dumitru
Participant
‎2019-05-01 09:20 PM
In response to HristoGrigorov

From the standby member:

cphaprob -a if                                               
Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), multicast
LAN2       UP                    sync(secured), multicast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), multicast
br0        Disconnected          non sync(non secured), broadcast

cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1          192.168.212.3   Active
2 (local)  192.168.212.2   Active

I cannot connect to the "active" unless is stop the standby member (I got no (ssh, https_4434, icmp) traffic.

Once I run cphastop:

 cphaprob stat

Cluster Mode:   High Availability (Active Up, Bridge Mode) with IGMP Membership

Number     Unique Address  Firewall State (*)

1 (local)  192.168.212.3   Active
2          192.168.212.2   ClusterXL Inactive or Machine is Down

cphaprob -a if

Required interfaces: 1
Required secured interfaces: 1

WAN        Disconnected          non sync(non secured), broadcast
LAN2       UP                    sync(secured), broadcast
LAN6       Disconnected          non sync(non secured), broadcast
LAN1       Disconnected          non sync(non secured), broadcast
br0        Disconnected          non sync(non secured), broadcast

In this state, I can ssh to both gateways.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events