This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
rochim
Participant
Tuesday

fwkern.conf is missing on device standby

Hi All,

 

i have HA Checkpoint 16000 using VSX mode. i found this difference file fwkern.conf is exist on active device but not on standby device. this is mandatory by design or not? 

any some one else same this issue?

 

[Expert@Active_Device-03:0]# cat /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

fwha_enable_state_machine_by_vs=0

[Expert@Active_Device-03:0]#

 

[Expert@Standby_Device-03:0]# less /opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf

/opt/CPsuite-R80.30/fw1/boot/modules/fwkern.conf: No such file or directory

 

thanks.

0 Kudos
Reply
11 Replies
Vincent_Bacher
Advisor
Tuesday

This file is created/modified manually. This does not exist after clean-installation. All kernel values have to be set on both nodes.
So just create it on second node and add the same values as already given in node 1

and now to something completely different
0 Kudos
Reply
G_W_Albrecht
Champion
Champion
Tuesday

According to sk26202, fwkern.conf does not exist - it has to be created manually if used. Kernel parameter fwha_enable_state_machine_by_vs can not be found in any documentation / sk, so i assume you would need CP to know why it was used here at all, and only on one cluster node...

0 Kudos
Reply
rochim
Participant
Tuesday
In response to G_W_Albrecht

thanks for your reply.

do you know function fwkern.conf? any document explain it?

 

0 Kudos
Reply
firewall1-gx
Contributor
Tuesday

Rochim,

Fwkern.conf is a file created manually. In your case, just create the file on missing cluster member.

More details you can see on: Changing the kernel global parameters for Check Point Security Gateway

Regards,

Alisson Lima

0 Kudos
Reply
rochim
Participant
Tuesday
In response to firewall1-gx

hi

thanks for your reply, i want to know what function fwker and what means attribute "fwha_enable_state_machine_by_vs=0"

0 Kudos
Reply
Alex_Gilis
Advisor
Tuesday

Could it be something linked to the 16K series though? I operate some in VSX (R80.40) and fwkern.conf exists with fwha_enable_state_machine_by_vs set to 1.

Edit: might be a Kernel 3.10 or something linked to some HFA thing. I checked another cluster of high-end VSX appliances running up-to-date R80.30 and the file is also there with the value set to 1.

0 Kudos
Reply
rochim
Participant
Tuesday
In response to Alex_Gilis

hi,

the file existing on both device? i only missing on standby device.

0 Kudos
Reply
Vincent_Bacher
Advisor
Tuesday
In response to Alex_Gilis

@Alex_Gilis Just had a look on a 23k device on our side running R80.10 and this value is present here as well. Don't have the function of this value in mind as well.

and now to something completely different
0 Kudos
Reply
Vincent_Bacher
Advisor
Tuesday

When kernel values to be set, file has to exist on both nodes to be effective as well when failover node gets active.

and now to something completely different
0 Kudos
Reply
G_W_Albrecht
Champion
Champion
Tuesday
In response to Vincent_Bacher

I would assume this to be about machine state - active or standby - being different per VS, a feature that sounds more like VSLS, not HA VSX...

0 Kudos
Reply
Vincent_Bacher
Advisor
Tuesday
In response to G_W_Albrecht

Yes, agree. The key message was just to have it not just on one side 🙂

and now to something completely different
0 Kudos
Reply