Hello all!
I'm trying to play with an R82 ElasticXL lab in a VMware environment, but I'm stuck in a strange situation...
I read the admin doc, which gives me the same process as the one written by @HeikoAnkenbrand:
Solved: R82 – Install ElasticXL Cluster - Check Point CheckMates
However, I get a sort of split-brain scenario, and no traffic can pass...
SGM 1_01 shows:
--------------------------------------------------------------------------------
| System Status - ElasticXL |
--------------------------------------------------------------------------------
| Up time | 15:44:33 hours |
| Members | 1 / 2 ! |
| Version | R82 (Build Number 633) |
| FW Policy Date | 03Jul24 14:29 |
| AMW Policy Date | N/A |
--------------------------------------------------------------------------------
| Member ID Site1 |
| ACTIVE |
--------------------------------------------------------------------------------
| 1 ACTIVE |
| 2 LOST |
--------------------------------------------------------------------------------
And SGM 1_02 shows:
--------------------------------------------------------------------------------
| System Status - ElasticXL |
--------------------------------------------------------------------------------
| Up time | 16:47 minutes |
| Members | 1 / 2 ! |
| Version | R82 (Build Number 633) |
| FW Policy Date | 03Jul24 14:29 |
| AMW Policy Date | N/A |
--------------------------------------------------------------------------------
| Member ID Site1 |
| ACTIVE |
--------------------------------------------------------------------------------
| 1 LOST |
| 2 ACTIVE |
--------------------------------------------------------------------------------
I tried to rebuild this several times but still get the issue...
Any advice?
It's the exact same link I followed as well, but since the Israel folks told me that EVE-NG is not supported, I think that's totally fair, as I don't like to waste time on unsupported platforms. I'm sure VMware should be though, but maybe someone from CP can verify.
Andy
Just for context, what does this tab look like for you?
Andy
K, I sort of figured that was the case. Does it help if you reboot that member?
Andy
Of course I tried 😁
But still the same issue...
Trying to add a second site gives me the same issue.
With or without JHF13 gives me the same issue...
The strange thing is that SMO auto-cloning is working well, for example. Really strange situation (and I have already deployed some Maestro, so it's not supposed to be totally new for me 🙂)
Let's see what CP folks say...sorry mate, I got nothing else 😂
Andy
Hi,
You need to debug your Sync network.
Please share what's working from SMO:
1. ping other member
2. move to the other member using the m command
3. g_all echo 1 (do you see output from all members?)
In addition, check permissions on your vSwitches and make sure promiscuous mode is on reject.
Make sure to compare the MAC address of eth1-Sync and see on the VM that it is connected to your sync network on both members.
Regards,
Shai
Hi,
For information, my SYNC network is a local VLAN on my ESX host, shared only with these 2 SGMs.
1/ yes ping is working on sync (ping ok between 192.0.2.1 and 192.0.2.2)
2/ not working:
[Expert@ADE-CHKP-R82EA-SMO-s01-01:0]# m 1_02
IP address for member 1_02 is unavailable
3/ g_all is executed only on one member
Thanks for your help here,
Arthur
Please ack promiscuous mode is enabled on Sync vSwitches, and confirm the MAC address on eth1-Sync correlates with the MAC on the network adapter connected to your sync network on both members.
In addition, we can see traffic between members over eth1-Sync:
[Expert@ADE-CHKP-R82EA-SMO-s01-02:0]# tcpdump -nni eth1-Sync host 192.0.2.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1-Sync, link-type EN10MB (Ethernet), capture size 262144 bytes
15:59:27.365392 IP 192.0.2.1.1135 > 192.0.2.255.1135: UDP, length 807
15:59:27.392815 IP 192.0.2.2.36379 > 192.0.2.1.6380: Flags [.], seq 614975352:614976800, ack 1404429924, win 29, options [nop,nop,TS val 3941735243 ecr 2301092449], length 1448
15:59:27.392834 IP 192.0.2.2.36379 > 192.0.2.1.6380: Flags [.], seq 1448:2896, ack 1, win 29, options [nop,nop,TS val 3941735243 ecr 2301092449], length 1448
15:59:27.392837 IP 192.0.2.2.36379 > 192.0.2.1.6380: Flags [.], seq 2896:4344, ack 1, win 29, options [nop,nop,TS val 3941735243 ecr 2301092449], length 1448
15:59:27.393060 IP 192.0.2.2.36379 > 192.0.2.1.6380: Flags [P.], seq 4344:4654, ack 1, win 29, options [nop,nop,TS val 3941735244 ecr 2301092449], length 310
15:59:27.393335 IP 192.0.2.1.6380 > 192.0.2.2.36379: Flags [.], ack 4654, win 179, options [nop,nop,TS val 2301101025 ecr 3941735243], length 0
15:59:27.393399 IP 192.0.2.1.6380 > 192.0.2.2.36379: Flags [P.], seq 1:23, ack 4654, win 179, options [nop,nop,TS val 2301101025 ecr 3941735243], length 22
15:59:27.393451 IP 192.0.2.2.36379 > 192.0.2.1.6380: Flags [.], ack 23, win 29, options [nop,nop,TS val 3941735244 ecr 2301101025], length 0
15:59:28.097169 IP 192.0.2.1.34456 > 192.0.2.2.6380: Flags [.], seq 1155514033:1155515481, ack 3414838712, win 29, options [nop,nop,TS val 2301101729 ecr 3941727387], length 1448
15:59:28.097241 IP 192.0.2.1.34456 > 192.0.2.2.6380: Flags [.], seq 1448:2896, ack 1, win 29, options [nop,nop,TS val 2301101729 ecr 3941727387], length 1448
15:59:28.097247 IP 192.0.2.1.34456 > 192.0.2.2.6380: Flags [.], seq 2896:4344, ack 1, win 29, options [nop,nop,TS val 2301101729 ecr 3941727387], length 1448
15:59:28.097252 IP 192.0.2.1.34456 > 192.0.2.2.6380: Flags [P.], seq 4344:4663, ack 1, win 29, options [nop,nop,TS val 2301101729 ecr 3941727387], length 319
15:59:28.097601 IP 192.0.2.2.6380 > 192.0.2.1.34456: Flags [.], ack 4663, win 179, options [nop,nop,TS val 3941735948 ecr 2301101729], length 0
15:59:28.097811 IP 192.0.2.2.6380 > 192.0.2.1.34456: Flags [P.], seq 1:23, ack 4663, win 179, options [nop,nop,TS val 3941735949 ecr 2301101729], length 22
15:59:28.097931 IP 192.0.2.1.34456 > 192.0.2.2.6380: Flags [.], ack 23, win 29, options [nop,nop,TS val 2301101730 ecr 3941735949], length 0
^C
Thanks a lot to @ShaiF for this quick fix!
For everyone: we sorted out the issue by disabling promiscuous mode on the sync VLAN!
Awesome mate! Thanks for sharing.
Andy
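The symptom in this thread (each member ACTIVE in its own view and LOST in its peer's) can be detected by comparing the member rows of both status outputs. The following is an added example, not part of any post above and not Check Point tooling; it assumes the flattened `| <id> <STATE> |` row layout shown in the question, and the function names are hypothetical.

```python
import re

# Member rows in the flattened layout shown in the post: "| <id> <STATE> |"
ROW = re.compile(r"^\|\s*(\d+)\s+([A-Z]+)\s*\|$")

# Excerpts of the two status outputs quoted in the post (reporting member -> text)
VIEWS = {
    1: "| Members | 1 / 2 ! |\n| 1 ACTIVE |\n| 2 LOST |",
    2: "| Members | 1 / 2 ! |\n| 1 LOST |\n| 2 ACTIVE |",
}


def parse_member_states(status_text):
    """Return {member_id: state} for every member row in one status output."""
    states = {}
    for line in status_text.splitlines():
        match = ROW.match(line.strip())
        if match:
            states[int(match.group(1))] = match.group(2)
    return states


def diagnose(views):
    """Compare what each member reports about itself and about its peers.

    Returns ("split-brain", pairs) when two members are each ACTIVE in their
    own view and LOST in the other's, ("inconsistent", pairs) when the views
    differ in any other way, and ("consistent", []) otherwise.
    """
    seen = {member: parse_member_states(text) for member, text in views.items()}
    split, differing = [], []
    members = sorted(seen)
    for i, a in enumerate(members):
        for b in members[i + 1:]:
            a_self, b_self = seen[a].get(a), seen[b].get(b)
            a_sees_b, b_sees_a = seen[a].get(b), seen[b].get(a)
            if (a_self, b_self, a_sees_b, b_sees_a) == ("ACTIVE", "ACTIVE", "LOST", "LOST"):
                split.append((a, b))
            elif a_sees_b != b_self or b_sees_a != a_self:
                differing.append((a, b))
    if split:
        return "split-brain", split
    if differing:
        return "inconsistent", differing
    return "consistent", []


if __name__ == "__main__":
    print(diagnose(VIEWS))
```

A "split-brain" verdict while ping over the sync interface still works matches the situation in this thread, where the next checks were the vSwitch security policy and the eth1-Sync MAC addresses.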