This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CyberBreaker
Contributor
‎2020-07-13 11:27 AM

VSX ClusterXL Not Forming

Hi, I would like to seek for some ideas or solutions about my issue in VSX as my cluster is not forming. When I do "cphaprob state" in both of my FWs, it states that "Sync down" but the Sync is not really down in fact, I can reach FW1 to FW2 via the HA IP address and vice versa.

By the way, the configuration of my HA link is that I bonded Sync and eth1 then configured the IP address in the bond interface. These interfaces are connected via switch via VLAN separated from the data VLANs (it is not direct back-to-back connection).

Thank you so much for the help in advance.

1 Reply
HeikoAnkenbrand
Champion Champion
Champion
‎2020-07-13 01:44 PM

Hi @CyberBreaker 

If Layer 2 and Layer 3 work correctly, it can be an implied rule. 

Create a rule in VS0 that allows from gateway one to gateway two everything on the sync interface. If it works, you can restrict CCP  (port 8116).

More to ports and ClusterXL CCP read here:

R80.x - Ports Used for Communication by Various Check Point Modules

R80.x - cheat sheet - ClusterXL

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top