This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Carlos_Silva
Explorer
‎2018-08-28 10:45 AM

Connections after cluster failure test

Hello, can you help me? We have the following problem.
The client has an Active/Standby cluster.

When I turn off the active node, the standby normally takes over the environment.
With this action, the gateways switch function.

The node that was active becomes standby and the standby is active.

So far, no problem.


The problem occurs when I unplug the node that was previously standby and became active.

At that point, users' Internet access stops happening.
When applying policy, how the connections are reestablished.

Some information:

1. In the log, the connections appear as Accept;
2. If a user accesses a banned site, the banned access page is displayed;
3. External publications work smoothly;
4. It is possible to ping in stations that do not navigate.
5. Servers that are in the DMZ do not face the problem.


I created a rule above the web filtering rule and this host does not face the problem.
Apparently the problem has to do with user sessions.

[Expert@gw01:0]# cphaprob stat

Cluster Mode: High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 10.255.1.18 100% Active
2 (local) 10.255.1.17 0% Standby

Local member is in current state since Tue Aug 28 14:15:10 2018

[Expert@gw02:0]# cphaprob stat

Cluster Mode: High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 10.255.1.18 100% Active
2 10.255.1.17 0% Standby

Local member is in current state since Tue Aug 28 12:12:54 2018

Thank You

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2018-08-28 04:17 PM

You didn't mention the version/patch level of the gateway, which is almost always a relevant detail.

It also seems like you're using App Control/URL Filtering, but did not explicitly state this. 

I would open a TAC case and have them investigate in more detail.

0 Kudos
Carlos_Silva
Explorer
‎2018-08-30 04:49 PM

Dameon, thank you!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top