This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AdaCoul
Participant
‎2018-05-11 08:16 AM

Cluster member shows "disconnect" in SmartView Monitor

Hi everyone !

I'm a new user.

Since the morning, I have a problem with one of my firewalls.

I have two firewalls (FW-1 and FW-2) which are in Cluster configuration and managed by two Smart-1 (Smart-1 PRI and Smart-1 SEC). When I go through SmartView Monitor FW-2 status is "disconnected".

What are the reasons and how could I solve the issue ?

Thanks !

0 Kudos
5 Replies
XavierBens
Employee
Employee
‎2018-05-11 11:29 AM

OK; first of all: welcome Secondly, please move this message into Appliances and Gaia topics.

Then, you must use ClusterXL (I assume you used it in order to establishe the cluster between your two Security Gateways) commands to understand what is the status ans why there is an error.

Look at sk56202‌ How to troubleshoot failovers in ClusterXL and come again if you didn't find your answer.

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite
0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-12 11:32 AM
In response to XavierBens

Not sure users can move their own threads.

That said, I usually will move new threads as I see them. 

However, if you want to be sure it happens, just tag me.

0 Kudos
AdaCoul
Participant
‎2018-05-16 08:22 AM

Hi everyone,

I have looked at sk56202‌ How to troubleshoot failovers in ClusterXL.

When I type cphaprob state command on FW-1, it shows "active attention" on FW-1 and "clusterXL inactive or machine is down" on FW-2. But when I type this command on FW-2 it shows "error : localhost is not a firewall-1 module ".

Let me mentioned that the two Security Gateways are in two remote Sites and in a same Cluster.

When I ping another machine from the faulty Security Gateway (FW-2), I get response. But pingfrom another machine to FW-2 doesn't work.

I also try to type cpconfig command and I got message error : cannot get CPDIR from the registy.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-16 10:04 AM
In response to AdaCoul

"Localhost is not a FireWall-1 Module" and "cannot get CPDIR from the registry" points to much larger issues.

TAC may be able to assist here, but I suspect you'll have to rebuild FW-2. 

AdaCoul
Participant
‎2018-05-24 11:29 AM
In response to PhoneBoy

I contacted TAC and it results that the database and most system files are corrupt. And as you said, FW-2 needs to be rebuilt.

Thank You for your help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top