Fatalis
Explorer

Cluster active member lost R81.20 Take 98

Following a recent replacement of the firewall cluster hardware and re‑IP of the cluster members, the standby member is reporting as Normal in SmartConsole, while the active member is displaying a “Lost” status.

Both members are reachable via SSH, and cphaprob stat indicates that the cluster members are powered on and appear healthy from the command line. ClusterXL traffic between members is also confirmed to be flowing normally, suggesting that synchronization is occurring.

However, logs from other connected systems began reporting anti‑spoofing drops shortly after the change.

Will test SIC re-establishment and fw unloadlocal next. Also users report successful traffic.


Accepted Solutions
Fatalis
Explorer

The new member pulled a default local license during setup. That local license was generated against its default interface IP (192.168.1.1).

Solution:
Re‑generating the license with the new IP seems to have resolved the issue.


8 Replies
Lesley
Authority

SIC is not working with the active member. This is not related to clustering. You have to check why SIC is not working. This is the communication between mgmt and fw. If you see spoofing drops maybe this SIC traffic is also dropped. Start with a quick drop check: fw ctl zdebug + drop | grep IP mgmt on the fw-a when you press SIC test in Smart Console. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
Fatalis
Explorer

Resolved the issue 
The new members pulled a default local license during setup 192.168.1.1

re-attached the correct license and all seems normal now!

Thank you for replying so quickly
the_rock
Legend

What does cphaprob -a if show on that member?

Andy

Fatalis
Explorer

All interfaces are up and running but looks like the new members pulled a default local license during setup. Updated the correct license information and all seems to be running correctly now.

Thank you for the quick response!

the_rock
Legend

Hey @Fatalis 

If you are allowed to do remote, happy to assist. I'm busy with a large project converting from Fortigate to CP, but since I'm way ahead of schedule, I have time to spare. Let me know.

Andy

Fatalis
Explorer

Corresponding issue for anti-spoofing:

An interface was duplicated from an existing setup.
Re-configured interface with correct network.

the_rock
Legend

Excellent job!
