Create a Post
Showing results for 
Search instead for 
Did you mean: 

What is the expected traffic in a packet capture for Checkpoint High Avalibility?

While working on a issue I noticed this on a wireshark packet capture on my Nexus 9000 switch is connected to a 15400 XL running Gaia 80.33 (whatever the current version is). There are two 15400 XL in one DC1 and 2 in DC2. The 4 are all clustered together for the VSS. The is checkpoint's "internal switch" address. My question is should I be seeing these messages sent to the switchport that is connected to the firewall? The port that is connected to the firewall from the Nexus is for multicast traffic. I did a packet capture in our QA environment which is a mirror of our production with the exception of there are only 2 15400 XL and I don't see these messages below. Is this a mis- configuration of the Firewall High Availability being sent to the Nexus connecting port? 


2019-07-10 15:34:26.154998 -> CPHA CPHAv3223: FWHA_MY_STATE
2019-07-10 15:34:26.155007 -> CPHA CPHAv3223: FWHA_IFCONF_REQ
2019-07-10 15:34:26.155010 -> CPHA CPHAv3223: FWHA_IFCONF_REQ
2019-07-10 15:34:26.155013 -> CPHA CPHAv3223: FWHA_IFCONF_REQ

0 Kudos
5 Replies
This widget could not be displayed.