This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RobertZdunek2
Explorer
2 weeks ago

Issue with Check Point Load Balancer Traffic Routing

Dear Team,

We recently configured a load balancer using the Check Point Load Balancer to distribute HTTPS traffic between two servers (Server A and Server B) using the round-robin method without session persistence. Based on my observations, the load balancer performs health checks using ICMP.

Due to specific project requirements, we needed to temporarily remove Server B from the load balancer's server group. After removing Server B from the configuration and installing the updated policy, traffic continued to be routed to Server B.

Could you please help clarify why this behavior occurred and advise on any potential misconfigurations or additional steps required to address the issue?

Thank you for your assistance.

Best regards,

Robert Zdunek

0 Kudos
7 Replies
the_rock
Legend
Legend
2 weeks ago

Hi Robert,

Can you confirm if that server is currently possibly being used elsewhere in the policy?

Andy

0 Kudos
RobertZdunek2
Explorer
2 weeks ago
In response to the_rock

Hi the_rock,

Server B object is never used directly in any policy, server group object (containing Server A and Server B) is used in two Load Balancer Objects. Load Balancer object (balancing requests to mentioned server group) that we're talking about is used twice, one for https request and one for communication on other port.

BR,

Robert

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to RobertZdunek2

Got it. In that case, the only other place I can think of to check would be guidbedit.

Andy

0 Kudos
RobertZdunek2
Explorer
a week ago
In response to the_rock

Do you know where to look for? Aren't there any magic refresh LB cache command?

 

BR,

Robert

0 Kudos
D_W
Advisor
a week ago
In response to RobertZdunek2

The new policy will only affect new sessions. So you might have to manually kick existing sessions via the "fw ctl conntab -x" command. For syntax see https://support.checkpoint.com/results/sk/sk103876

0 Kudos
garrod
Contributor
2 weeks ago

I know limited resource in admin guide as well, can try to install database and install policy again to verify?

0 Kudos
RobertZdunek2
Explorer
2 weeks ago
In response to garrod

I've done that, but it did not help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events