- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello,
this morning I replaced one of the two nodes in HA, the new one was configured and tested in a test environment and in fact now it has no problems. the problem occurs in the two interfaces (ETH4 and 5) that deal with the sync. these keep going up and down
from the smart console are partially up
ETH4 is set as secondary in sync while ETH5 is primary.
node 1 (the old one) restarted by itself when I attacked node 2 (new) and node 1 was not restarting for a year. at this moment node 1 is running and has no problems, but due to the problems on the interfaces there is no node 2 among the members of the HA
I read that I should broadcast the network cards to solve the problem but I don't want to, as it has worked so far. the problem shouldn't be here.
any suggestion?
thanks
I cant say this 100%, but I believe it was never recommended to use 2 sync interfaces. Regardless, you can try below steps. I always use to do this when someone had issues with sync in the cluster.
Andy
Which GW version is this?
Note the use of more than one dedicated physical interface for synchronization redundancy is not supported. You can use Bonding for synchronization interface redundancy.
this configuration works since 2014, I have no idea at this point how they made it work, however, can this modification to create the bonding be done hot? taking into account that I only have a functioning node and that I can no longer afford down periods.
You can do sync debug from the link I sent, hope that helps, as it should give you a clue why its failing.
Also, to add what @Chris_Atkinson said, I dont know if it says anywhere its not officially supported, but either way, all I can tell you from my experience is that I had customers run it and it does work, BUT, when it breaks, tough fixing it...its NOT an easy task, thats for sure.
For reference it's explained in the Cluster XL admin guide here:
Thank you for that.
Backing up what Chris said here, I even mentioned in my book that adding a second physical interface as a 2nd sync is not a good idea and to use a bond instead:
I think I will buy your book @Timothy_Hall , one of my colleagues said he got it on Amazon and loved it :- ). Any discount code for checkmates peeps? haha
Unfortunately I have no ability to create discount codes at Amazon for the hardcopy edition.
However discount codes for the PDF edition and the self-guided video series offerings do tend to pop up during CPX season every year so stay tuned.
Just bought it on amazon, pays to be prime member : )
The top of this SK suggests you should, except in a few unique cases, only use bonded sync interfaces if you want redundancy.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
sk92804: Sync Redundancy in ClusterXL
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
22 | |
17 | |
12 | |
9 | |
9 | |
8 | |
7 | |
7 | |
7 | |
5 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY