This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StackCap43382
Collaborator
Collaborator
‎2020-10-28 02:18 AM

vsec Standby Connectivity Issue After r80.40 Upgrade

Hi All,

An Azure VSEC cluster has been upgraded to r80.40 and we are not able to failover between members.

Checking connectivity we are unable resolve DNS on reach any external entity from the standby.

Further investigations show the standby using the sync (eth1) to send it via primary.
The primary is then sending the connection out its public (eth0) and folding behind the cluster address.

Response traffic is being folded back to the correct IP but then routed out of eth0 and oblivion.

Internal Interface: Eth1
External Interface: Eth0
Sync link: Eth1

fwha_forw_packet_to_not_active=0
fwha_cluster_hide_active_only = 1
fwha_silent_standby_mode = 0

SKs:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Before I shove more ports into table.def, anyone else seen this?

 

CCSME, CCTE, CCME, CCVS
3 Replies
Data_Center
Explorer
‎2020-10-28 04:35 AM

Hi,
Can you kindly share the output of '$FWDIR/scripts/azure_ha_test.py
Both members active&standby 

Thanks,

Noy

StackCap43382
Collaborator
Collaborator
‎2020-10-30 05:31 AM
In response to Data_Center

Fix was eth0 was not configured as SYNC+Cluster in the cluster object so Standby was black holing return traffic pivoting via Active. 

CCSME, CCTE, CCME, CCVS
Data_Center
Explorer
‎2020-10-31 11:22 AM
In response to StackCap43382

Great,

thanks for the update.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events