Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sanjay_S
Advisor

SMB Firewall Cluster

Hi Team,

We have SMB firewalls in ACTIVE/ACTIVE mode. We need to change it to ACTIVE/STANDBY. May i know how we can change this? Does it require downtime at all?

Regards,

Sanjay S

0 Kudos
13 Replies
G_W_Albrecht
Legend Legend
Legend

SMB firewalls do have no active/active = load sharing mode at all - see sk178604: Check Point R81.10.X for 1500, 1600, and 1800 appliance Known Limitations and Resolved Iss... and refer to sk115868 !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Yes you should plan for downtime.

Refer below for locally managed:

https://sc1.checkpoint.com/documents/smb_r81.10.x/adminguides_locally_managed/en/content/topics/conf...

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Why do you suggest downtime although ClusterXL Loadsharing does not exist on SMBs ? Also the suggested link does not work - use https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Conf...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Did you review the guide and look at the changes required for a cluster?

Whilst we dont have enough information one or more devices require reconfiguration here. 

Active/Active could also imply independent devices for some...

 

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
Legend Legend
Legend

This depends all on the  steps already done, but currently cluster XL can not be in load sharing mode...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

We agree, the original post doesn't mention Cluster XL 🙂

@Sanjay_S Please clarify your existing configuration and appliance model.

CCSM R77/R80/ELITE
0 Kudos
Sanjay_S
Advisor

Hi Chris,

The device model is Checkpoint 1550, R80.20.20. 

Cluster Mode: High Availability (Active Up, Bridge Mode) with IGMP Membership

Both the devices are in ACTIVE/ACTIVE state.

Just want to change this to ACTIVE/STANDBY Mode.

I think it is pretty straight forward in the normal Gaia, just going into cpconfig and changing the cluster config. But not sure about this. 

Just going through the SKs shared above.

Thanks @G_W_Albrecht  @Chris_Atkinson 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

The guide provided won't apply to your current state.

You currently have an unsupported configuration (sk159772 / sk121096) so conversion without downtime cannot be guaranteed, least not without prior testing.

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to update to a newer firmware - R80.20.20 is outdated ! Is this SMB locally managed ? High Availability (Active Up, Bridge Mode) with IGMP Membership is OK. https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Conf...

SMB CLI has no cpconfig command, see Admin Guide, this is Embedded GAiA.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
anstelios
Collaborator

Can you please help me on a quick question here?

I can't find anywhere the configuration option for Active-Up or Primary-Up for a centrally managed SMB cluster (1600).
Where is it?? Is it possible to configure this? If not, what is the default mode??

Thing is that I have different behaviors on two different 1600 clusters...
One does switch to primary when it's up with (Member state has been changed after returning from ACTIVE/ACTIVE scenario (remote cluster member TESTFW1 has higher priority)
And the other 1600 cluster just stays on whichever member is active at any time..!!
So there must be a configuration option for this behavior somewhere... where is it???? 😛

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Just follow the steps listed here:

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Co...

With SMB GWs, you have an active node that is up all the time. When it fails, standby node comes up.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
anstelios
Collaborator

thanks,

I am not trying to configure new clusters here.

I am talking about existing clusters and specifically looking for the feature that is available for normal GAIA clusters:

Screenshot 2023-06-23 131822.jpg

Is something similar available for SMB??

If not, what is the default behavior upon recovery? does it switch to higher priority member or stays as is??

0 Kudos
G_W_Albrecht
Legend Legend
Legend

In GAiA, both nodes are configured, but with SMB, only the active node is ! The standby member is synced from the first, active node - also see Converting an Existing Quantum Spark Appliance to a Cluster. Afaik after failover it would switch to promary as active again if it is available.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events