Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hllrdm
Participant

Failure Test Methodology

Does the company have any manual on how to test the failover of a security gateway cluster?
For example, when the link load is high, when network availability is down, when the first node is down, etc.
Different variations on the testing methodology are of interest.

0 Kudos
4 Replies
Chris_Atkinson
Employee
Employee

The ClusterXL admin guide will cover the commands for initiating a graceful failover.

Link load itself is not a failover criteria, but depending on the scenario could lead to CCP loss which if significant enough _might_ appear similar to a link failure (disconnecting cable).

Rebooting / powering off a member is also a valid test.

0 Kudos
Hllrdm
Participant

Could you please clarify the section in the admin manual where I could see the Failure testing methodology.

0 Kudos
Amogha_Chandras
Employee
Employee

Hello In the admin guide, look for "How to Initiate Cluster Failover"

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ClusterXL_AdminGuide/html_fr...

 

Run the command clusterXL_admin down should failover the device

 

The sk55081 Best Practices - Manual fail-over in ClusterXL might also help - it explains how to perform a manual (controlled) failover in Check Point cluster while maintaining full connectivity with each cluster member, keeping interference with cluster's operations at a minimum.

 

0 Kudos
Bob_Zimmerman
Advisor

Worth noting: if you use 'clusterXL_admin down' to force a failover, remember to run 'clusterXL_admin up' afterwards. The admin_down status sticks around until you manually clear it (or reboot the member). I've seen people forget to clear it before, only to take an outage when they have a real failure on the other member.

I always run it as 'clusterXL_admin down;clusterXL_admin up'.