Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lloyd_Braun
Collaborator

CDT leaving mvc enabled on 1 cluster node?

I am noticing

 

mvc on

 

in a bunch of my r81.10 firewall cluster nodes' $FWDIR/boot/ha_boot.conf files.  It is only enabled for 1 node of the cluster, so the $FWDIR/boot/ha_boot.conf files are not consistent between cluster members.  These were upgraded r80.30 to r81.10 via Central Deployment Tool.   Is anyone else seeing this behavior from CDT? 

 

I am not noticing any impact yet except fw tab -t connections -s output shows the connection table counts about 20% off, between active/standby nodes. Usually these numbers would be a lot closer as far as I recall.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

In a cluster, MVC is not enabled on the last cluster node to get upgraded.
Which means, in a two node cluster, only one node will have MVC enabled.
Seems like expected behavior to me.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui... 

0 Kudos
Lloyd_Braun
Collaborator

I would expect the Central Deployment Tool to perform step #16, (disable the MVC mechanism.)  It is leaving MVC enabled (when upgrade has completed) on all the clusters I've checked. 

0 Kudos
mahmods
Employee
Employee

Hi @Lloyd_Braun , 

which version of CDT are you using? 
in CDT V1.9.7 (GA version) the expected behavior is to turn off MVC on the cluster members after completing the fail-over if the cluster version is R80.40 until R81.10

 

can you please share the CDT logs in private to my email for further investigation? send it please to: mahmods@checkpoint.com 

CDT saves its log files in this location on the Management Server:

/var/log/CPcdt/logs_<YYYY-MM-DD-HH-mm-ss>/

 

Thanks. 

Lloyd_Braun
Collaborator

this is an MDS

 

./CentralDeploymentTool -v
Central Deployment Tool (version 1.9.2 build #990180607)

 

I'm not seeing CDT logs at MDS or CMA levels

0 Kudos
mahmods
Employee
Employee

Hi @Lloyd_Braun , 

i strongly advice you to update CDT to the GA version (CDT V1.9.7). 

https://support.checkpoint.com/results/sk/sk111158 

using the updated version of CDT is very important in order to avoid such issues. 

if the issue reproduced after using CDT V1.9.7 please let me know via email. 

 

Thanks. 

0 Kudos
Lloyd_Braun
Collaborator

That sounds reasonable. I was assuming that code was updated automagically with JHF application so it looks like we're several revs back.

 

Thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events