This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SnafuNL
Participant
3 weeks ago
Jump to solution

Dropping traffic on HA Sync Interface

I've got two 1590 appliances running in a cluster, but I can't seem to get the HA working as expected. One of the cluster members always has a status of inactive.

Noticing in the Security Log of the active member dropped traffic on the Sync interface (the two appliances are directly connected), and I'm guessing this is at least part of the problem. Do I need to put a rule in place to allow this traffic or is something else happening?

Running R81.10.17

Thanks

 

0 Kudos
1 Solution

Accepted Solutions
sigal
Employee
Employee
3 weeks ago
In response to SnafuNL
Jump to solution

If your Firewall policy is set to Strict mode then I suggest allowing the traffic between the two cluster members.
This issue has been fixed in R82.00.10, which I understand you cannot upgrade to since you are using 1590.
If adding this rule is extremely inconvenient then you can open SR and we will try to back-port the fix to R81.10.17.

View solution in original post

6 Replies
sigal
Employee
Employee
3 weeks ago
Jump to solution

Hi,
Can you please share the output of:

cphaprob stat

From both cluster members?

Thanks.

0 Kudos
SnafuNL
Participant
3 weeks ago
In response to sigal
Jump to solution

Cluster Mode: High Availability (Active Up)

Sync Mode: Optimized Sync

ID Unique Address Assigned Load State

1 10.231.149.1 100% ACTIVE
2 (local) 10.231.149.2 0% DOWN


Active PNOTEs: FSYNC

Last member state change event:
Event Code: CLUS-112100
State change: INIT -> DOWN
Reason for state change: FULLSYNC PNOTE
Event time: Tue Mar 31 10:01:58 2026

Cluster failover count:
Failover counter: 0
Time of counter reset: Tue Mar 31 07:29:25 2026 (reboot)

Cluster Mode: High Availability (Active Up)

Sync Mode: Optimized Sync

ID Unique Address Assigned Load State

1 (local) 10.231.149.1 100% ACTIVE
2 10.231.149.2 0% DOWN


Active PNOTEs: None

Last member state change event:
Event Code: CLUS-114904
State change: ACTIVE(!) -> ACTIVE
Reason for state change: Reason for ACTIVE! alert has been resolved
Event time: Tue Mar 31 10:01:43 2026

Cluster failover count:
Failover counter: 0
Time of counter reset: Mon Mar 30 05:17:42 2026 (reboot)

0 Kudos
sigal
Employee
Employee
3 weeks ago
In response to SnafuNL
Jump to solution

If your Firewall policy is set to Strict mode then I suggest allowing the traffic between the two cluster members.
This issue has been fixed in R82.00.10, which I understand you cannot upgrade to since you are using 1590.
If adding this rule is extremely inconvenient then you can open SR and we will try to back-port the fix to R81.10.17.

SnafuNL
Participant
3 weeks ago
In response to sigal
Jump to solution

Thank you. The rule resolved the issue. Both are in Active/Standby now.

the_rock
MVP Diamond
MVP Diamond
3 weeks ago
In response to SnafuNL
Jump to solution

Glad it worked.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
3 weeks ago
In response to SnafuNL
Jump to solution

Mind also sending below?

cphaprob -a if

cphaprob -i list

cphaprob -l list

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events