Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tspunkt
Contributor

SMB Cluster Member Probing Failed

Hi Checkmates,

in a central managed 1800er cluster I suddenly found the problem, that the StandBy Member is unable to test Internet Connection. Status says "No Internet Acces (Probing failed)". Internet is configured with static IP. I believe that after the policy install the gateway shows to this error.

Default gateway is not able to ping, other servers e.g 1.1.1.1 are not able to ping, other gateway member is able to ping. Public IP is able to ping from outside.

From the Active Gateway everything is working fine.

Packet Capture shows ICMP request, but never shows a reply on WAN port.

Any idea what I can do for deeper analysis?

R80.20.35 is installed. Newest firmware does not change anything.

Thank you.

0 Kudos
11 Replies
_Val_
Admin
Admin

Please look into sk172884

0 Kudos
tspunkt
Contributor

Thanks, but this is not the behavior. The cluster isn't able to make a switch of active member, because the standby member is in error state during internet connection loss (caused by this probing error).

SmartView says "Error: Refer to the Notification and Interfaces tables for information about the problem".

In details there is: ConnMonitor | Problem | 0.

Is it possible, that Spoofing on WAN interfaces causing this problem? VMAC is disabled.

0 Kudos
_Val_
Admin
Admin

Just to make sure, both SMB cluster members have their external interfaces with a routable IP? Or just VIP?

0 Kudos
tspunkt
Contributor

I have 2 devices, and 3 public IPs. Configured as "Cluster" in topology.

0 Kudos
_Val_
Admin
Admin

Understood. I suggest you open a TAC request

0 Kudos
the_rock
Champion
Champion

Just to clarify, are you saying this was never problem before, until you pushed the policy today? I think sk @_Val_ provided makes sense.

Also, below link may provide some insight.

https://community.checkpoint.com/t5/SMB-Gateways-Spark/WAN-Probing-failed-no-internet/m-p/133335#M59...

Andy

0 Kudos
tspunkt
Contributor

Well, it's the first time the standby member goes to "red" in management after policy install. Maybe it is coincidence.

The point is, that the cluster worked as expected before,

Connection Monitoring on WAN is testing the connectivity very 5 seconds, and suddenly the standby member was in down state.

From another cluster (3600 appliance) in a complete different network ping to external works normal, from both devices.

the_rock
Champion
Champion

Yes, definitely contact TAC, something is broken with that cluster, for sure.

0 Kudos
tspunkt
Contributor

ok, thanks. I will open a case for this.

0 Kudos
Amir_Ayalon
Employee
Employee

please install latest R80.20.35 firmware Build 992002614 which will probably solve the issue.

if not, please share SR number.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
tspunkt
Contributor

latest firmware already installed.

Case is running under 6-0003182182.

0 Kudos