This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Patrick150781
Explorer
‎2020-01-28 12:29 AM

Failover behavior in VSX environment

Dear CheckMates Community,

coud someone of you explain how failover works in a VSX environment. As far as I know, in a non VSX default setup the first and the last VLAN on a trunk interface will be monitored. If on of this VLAN can't process CCP pakets a pnote will be genarated an failover to the other (standby) cluster member.

But how does it works in VSX?

Please check below some outputs:

 

cphaprob -a if

vsid 5:
------
CCP mode: Manual (Broadcast)
Required interfaces: 4
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp321 UP non sync(non secured), broadcast
wrp320 UP non sync(non secured), broadcast
bond3 UP non sync(non secured), broadcast, bond Load Sharing (bond3.1002)

Virtual cluster interfaces: 9

wrp321 x.x.x.x
wrp320 192.168.x.1
bond2.2506 192.168.23x.46
bond2.1050 192.168.2x.164
bond2.2503 192.168.23x.22
bond3.1002 x.x.x.x
bond2.2509 192.168.23x.70
bond2.2505 192.168.23x.38
bond2.2504 192.168.23x.30

 

cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 192.168.x.25 0% STANDBY fw1
2 (local) 192.168.x.26 100% ACTIVE fw2


Active PNOTEs: None

Last member state change event:
Event Code: CLUS-115704
State change: STANDBY -> ACTIVE
Reason for state change: Member state has been changed due to issue in Virtual System 0
Event time: Tue Jan 21 11:04:26 2020

 

Thank you in advance.

BR

Patrick

 

0 Kudos
1 Reply
_Val_
Admin
Admin
‎2020-01-30 08:57 AM

Hi Patrick, I can see that you are running VSX in HA mode and not VSLS.

If HA, the interface probing stays the same, cluster fails over with all VSs from one physical member to another. With VSLS, the failover happens on per VS basis, unless one of your machines is completely dead. All VLANs are probed on per VS basis.

 

However, in your case I can also see that there was an issue on VS0, meaning on the physical entity. It does not seem to be an interface failure related to VLANs, as VS0 only operates MGMT IF and Sync IF.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events