Hi There,
I have a pair of Quantum Spark 1590 configured as an HA pair and have noticed that policy and objects are not synchronised.
I am managing the pair via the web GUI and only have the pair with no management station, so these are locally managed. I log in to the active firewall to manage, but the policy and objects are only ever updated on the active node. I am unable to edit objects and policies on the standby node via the GUI due to the reduced functionality presented.
Is there any way to keep the pair in sync with a pair of locally managed firewalls in HA apart from failing over to cause standby to become active and then making the same changes to the policy?
The concept of publishing the policy to the HA cluster object, as was/is the case with SmartConsole doesn't appear to be possible with the webGUI (unless I have missed the option somewhere).
Regards
Dek
This is not a requirement outlined in the admin guide that I can see.
Which firmware version / build is used on each appliance?
Hi,
The policy and objects are expected to be synchronized between cluster nodes.
Which firmware version are you using? Was any of the cluster nodes ever connected to Spark Management?
Thanks.
Hi Sigal / Chris,
Thanks for your replies;
Both are running R81.10.17 (996004721)
Neither of the nodes have ever been connected to Spark Management, no
I would have expected them to be synched, especially given the fact that you cannot edit the standby unit's policy via the GUI and there is no option to push a policy to both. The IPs and IPSEC sessions are failed over correctly, so I'd have expected the policy and objects to also.
Thanks again
Can you please share the output of:
cphaprob stat
from Expert shell on the Active cluster member?
Thanks.
Here is the output:
```
# cphaprob stat

Cluster Mode:   High Availability (Active Up)
Sync Mode:      Optimized Sync

ID         Unique Address  Assigned Load   State
1 (local)  10.231.149.1    100%            ACTIVE
2          10.231.149.2    0%              STANDBY

Active PNOTEs: None

Last member state change event:
   Event Code:                 CLUS-114704
   State change:               STANDBY -> ACTIVE
   Reason for state change:    No other ACTIVE members have been found in the cluster
   Event time:                 Tue Jan 6 01:12:36 2026

Last cluster failover event:
   Transition to new ACTIVE:   Member 2 -> Member 1
   Reason:                     USER DEFINED PNOTE
   Event time:                 Tue Jan 6 01:12:36 2026

Cluster failover count:
   Failover counter:           1
   Time of counter reset:      Tue Sep 30 18:53:15 2025 (reboot)
```
Please run on the Active member:
```
cprid_util getfile -local_file /logs/bl_tmp -remote_file /logs/boot_log -server 10.231.149.2
echo $?
```
And then on the Standby member:
```
cprid_util getfile -local_file /logs/bl_tmp -remote_file /logs/boot_log -server 10.231.149.1
echo $?
```
Send me the output of these commands.
Thanks.
Thanks Sigal
Here is the output requested
The active host:
```
# cprid_util getfile -local_file /logs/bl_tmp -remote_file /logs/boot_log -server 10.231.149.2
# echo $?
5
```
The standby server
```
# cprid_util getfile -local_file /logs/bl_tmp -remote_file /logs/boot_log -server 10.231.14
# echo $?
5
```
Regards
Dek
Hi,
Based on the data you shared, the SIC between cluster members is broken, and this is the reason objects and policy do not synchronize. When SIC is properly set, the return value of these commands should be 0.
The simplest way to recover is to:
1. Reset the cluster
2. Reboot both gateways
3. Re-establish the cluster
Please let me know if this is doable.
Thanks.
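
Added example, not part of the thread and not Check Point tooling: a small script that repeats the `cprid_util` copy test above against every non-local member listed by `cphaprob stat` and reports the exit code, so a broken SIC link shows up before policy drift does. It assumes `awk` is available in Expert shell and that `/logs/bl_tmp` can be overwritten as a scratch file; the function names and the `--run` switch are made up for this example.

```shell
#!/bin/sh
# Added example: check SIC to each cluster peer with the thread's cprid_util test.
# Assumptions: awk exists in Expert shell; /logs/bl_tmp is a scratch file.

# Read `cphaprob stat` output on stdin and print the address of every member
# row that is not tagged "(local)", e.g. "2 10.231.149.2 0% STANDBY".
peer_addresses() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }'
}

# Copy the peer's boot_log over SIC, exactly as requested in the thread.
# Returns cprid_util's exit status: 0 means the copy (and so SIC) worked.
sic_copy_test() {
    cprid_util getfile -local_file /logs/bl_tmp \
        -remote_file /logs/boot_log -server "$1" >/dev/null 2>&1
}

# Read `cphaprob stat` on stdin and test every peer.
# Returns 0 if all peers pass, 1 if any copy fails, 2 if no peer was found.
check_cluster_sic() {
    peers=$(peer_addresses)
    [ -n "$peers" ] || { echo "no remote cluster member listed"; return 2; }
    failed=0
    for peer in $peers; do
        if sic_copy_test "$peer"; then
            echo "$peer: SIC OK (cprid_util exit 0)"
        else
            rc=$?
            echo "$peer: SIC FAILED (cprid_util exit $rc)"
            failed=1
        fi
    done
    return "$failed"
}

# On a gateway: sh sic_check.sh --run   (run it on each member in turn)
if [ "${1:-}" = "--run" ]; then
    cphaprob stat | check_cluster_sic
fi
```
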
Thanks Sigal.
I will look at this further and see if I can organise a time to do this.
When you say 'reset the cluster', what particular operation are you referring to specifically please?
Can you explain what the cprid_util is doing? Are there other commands which can show whether SIC is working or not?
Thanks again
regards
Dek
Reset the cluster: on the High Availability page, click on Reset Cluster Configuration. After that, verify on both members that the cluster indication in the left corner of the UI is gone.
The cprid_util command you ran is used for copying files between cluster members over SIC.
Hi Sigal,
I just wanted to confirm what you meant. This will blow away the configuration. I will not be in a position to do this as these units are remote to me. I could only do this whilst on site, I think, just in case.
Is the alternative to push a common policy to both only if a Management Server or SmartConsole system is introduced (as it used to be when we had R71)? Am I correct in assuming I'd also need a licence for a Management Server?
Thanks and Regards
Dek
If it is not possible to reset the cluster, please issue a support ticket and send its number.
We will then schedule a remote session in order to try and fix this issue without traffic interruption.
Hi Sigal,
I will indeed log a call with the provider in that case.
Many thanks for your time and help here.
I will be in touch once this has been done
Thanks
Dek
Hi Sigal,
I was able to open 6-0004484543 via the reseller
Not sure if you can see this
Regards
Dek
Thanks very much for the help, Sigal. The command:
fw sic_test
Is helpful.
Could you remind me of the command to reestablish SIC please?
Thanks again
Regards
Derek
Hi Derek,
The command we used was:
/pfrm2.0/bin/lua /pfrm2.0/bin/clusterResetSIC.lua
You can also refer to sk183116 (although there was no Spark Management in your case).
Thanks.
Thank you very much Sigal