rochim
Participant

fwkern.conf is missing on standby device

Hi All,

 

I have an HA Check Point 16000 using VSX mode. I found this difference: the file fwkern.conf exists on the active device but not on the standby device. Is this mandatory by design or not?

Does anyone else have this same issue?

 

[Expert@Active_Device-03:0]# cat /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

fwha_enable_state_machine_by_vs=0

[Expert@Active_Device-03:0]#

 

[Expert@Standby_Device-03:0]# less /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

/opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf: No such file or directory

 

Thanks.

0 Kudos
12 Replies
Vincent_Bacher
Advisor

This file is created/modified manually. It does not exist after a clean installation. All kernel values have to be set on both nodes.
So just create it on the second node and add the same values as already given on node 1.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
G_W_Albrecht
Legend

According to sk26202, fwkern.conf does not exist - it has to be created manually if used. Kernel parameter fwha_enable_state_machine_by_vs cannot be found in any documentation / sk, so I assume you would need CP to know why it was used here at all, and only on one cluster node...

CCSE CCTE CCSM SMB Specialist
0 Kudos
rochim
Participant

Thanks for your reply.

Do you know the function of fwkern.conf? Is there any document that explains it?

 

0 Kudos
firewall1-gx
Contributor

Rochim,

Fwkern.conf is a file created manually. In your case, just create the file on the missing cluster member.

You can see more details in: Changing the kernel global parameters for Check Point Security Gateway

Regards,

Alisson Lima

0 Kudos
rochim
Participant

Hi,

Thanks for your reply. I want to know what the function of fwkern is and what the attribute "fwha_enable_state_machine_by_vs=0" means.

0 Kudos
Václav_Brožík
Collaborator


@firewall1-gx wrote:

...Fwkern.conf is a file created manually...


That is not completely true. To my knowledge, the file could be created by cpconfig.

fwha_enable_state_machine_by_vs indicates if VSLS is enabled or not, which is a property controllable by cpconfig.

(1)
Alex-
Advisor

Could it be something linked to the 16K series though? I operate some in VSX (R80.40) and fwkern.conf exists with fwha_enable_state_machine_by_vs set to 1.

Edit: might be a Kernel 3.10 or something linked to some HFA thing. I checked another cluster of high-end VSX appliances running up-to-date R80.30 and the file is also there with the value set to 1.

0 Kudos
rochim
Participant

Hi,

Does the file exist on both devices? I am only missing it on the standby device.

0 Kudos
Vincent_Bacher
Advisor

@Alex- Just had a look on a 23k device on our side running R80.10 and this value is present here as well. Don't have the function of this value in mind either.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Vincent_Bacher
Advisor

When kernel values are to be set, the file has to exist on both nodes to be effective as well when the failover node gets active.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
G_W_Albrecht
Legend

I would assume this to be about machine state - active or standby - being different per VS, a feature that sounds more like VSLS, not HA VSX...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Vincent_Bacher
Advisor

Yes, agree. The key message was just to have it not just on one side 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
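
Added example (not from any poster in this thread and not Check Point tooling): a shell check for the point made above that fwkern.conf has to carry the same kernel parameters on both cluster members. It assumes each member's file has been copied to a local path and holds one name=value entry per line; the sample file names are constructed.

```shell
#!/bin/sh
# Added example: report fwkern.conf drift between two cluster members.
# Assumes one name=value entry per line; inputs are local copies of each file.

# Normalize one copy: strip whitespace, drop blank lines, sort.
# A missing file yields no entries (the standby member in this thread).
fwkern_norm() {
    [ -f "$1" ] || return 0
    tr -d ' \t\r' < "$1" | awk 'NF' | sort -u
}

# Print every difference between copy A ($1) and copy B ($2).
# Returns 0 when both members carry the same parameters, 1 on drift.
fwkern_drift() {
    a=$1 b=$2 rc=0
    for f in "$a" "$b"; do
        [ -f "$f" ] || { echo "MISSING_FILE $f"; rc=1; }
    done
    tmp=$(mktemp -d) || return 2
    fwkern_norm "$a" > "$tmp/a"
    fwkern_norm "$b" > "$tmp/b"
    # Join on parameter name. FILENAME is used instead of the FNR==NR idiom,
    # which misattributes entries when the first file is empty.
    out=$(awk '
        { i = index($0, "="); k = i ? substr($0, 1, i - 1) : $0
          v = i ? substr($0, i + 1) : "" }
        FILENAME == ARGV[1] { va[k] = v; next }
        { vb[k] = v }
        END {
            for (k in va) {
                if (!(k in vb)) print "ONLY_A " k "=" va[k]
                else if (va[k] != vb[k]) print "DIFF " k " A=" va[k] " B=" vb[k]
            }
            for (k in vb) if (!(k in va)) print "ONLY_B " k "=" vb[k]
        }' "$tmp/a" "$tmp/b" | sort)
    rm -rf "$tmp"
    [ -z "$out" ] || { echo "$out"; rc=1; }
    return $rc
}

# Constructed sample mirroring the thread: the active member has the file,
# the standby member does not.
demo=$(mktemp -d)
echo 'fwha_enable_state_machine_by_vs=0' > "$demo/active.conf"
fwkern_drift "$demo/active.conf" "$demo/standby.conf" || echo "drift found"
rm -rf "$demo"
```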
