Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rochim
Participant

fwkern.conf is missing on device standby

Hi All,

 

i have HA Checkpoint 16000 using VSX mode. i found this difference file fwkern.conf is exist on active device but not on standby device. this is mandatory by design or not? 

any some one else same this issue?

 

[Expert@Active_Device-03:0]# cat /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

fwha_enable_state_machine_by_vs=0

[Expert@Active_Device-03:0]#

 

[Expert@Standby_Device-03:0]# less /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

/opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf: No such file or directory

 

thanks.

0 Kudos
Reply
11 Replies
Vincent_Bacher
Advisor

This file is created/modified manually. This does not exist after clean-installation. All kernel values have to be set on both nodes.
So just create it on second node and add the same values as already given in node 1

and now to something completely different
0 Kudos
Reply
G_W_Albrecht
Champion
Champion

According to sk26202, fwkern.conf does not exist - it has to be created manually if used. Kernel parameter fwha_enable_state_machine_by_vs can not be found in any documentation / sk, so i assume you would need CP to know why it was used here at all, and only on one cluster node...

0 Kudos
Reply
rochim
Participant

thanks for your reply.

do you know function fwkern.conf? any document explain it?

 

0 Kudos
Reply
firewall1-gx
Contributor

Rochim,

Fwkern.conf is a file created manually. In your case, just create the file on missing cluster member.

More details you can see on: Changing the kernel global parameters for Check Point Security Gateway

Regards,

Alisson Lima

0 Kudos
Reply
rochim
Participant

hi

thanks for your reply, i want to know what function fwker and what means attribute "fwha_enable_state_machine_by_vs=0"

0 Kudos
Reply
Alex_Gilis
Advisor

Could it be something linked to the 16K series though? I operate some in VSX (R80.40) and fwkern.conf exists with fwha_enable_state_machine_by_vs set to 1.

Edit: might be a Kernel 3.10 or something linked to some HFA thing. I checked another cluster of high-end VSX appliances running up-to-date R80.30 and the file is also there with the value set to 1.

0 Kudos
Reply
rochim
Participant

hi,

the file existing on both device? i only missing on standby device.

0 Kudos
Reply
Vincent_Bacher
Advisor

@Alex_Gilis Just had a look on a 23k device on our side running R80.10 and this value is present here as well. Don't have the function of this value in mind as well.

and now to something completely different
0 Kudos
Reply
Vincent_Bacher
Advisor

When kernel values to be set, file has to exist on both nodes to be effective as well when failover node gets active.

and now to something completely different
0 Kudos
Reply
G_W_Albrecht
Champion
Champion

I would assume this to be about machine state - active or standby - being different per VS, a feature that sounds more like VSLS, not HA VSX...

0 Kudos
Reply
Vincent_Bacher
Advisor

Yes, agree. The key message was just to have it not just on one side 🙂

and now to something completely different
0 Kudos
Reply