This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
biskit
Advisor
Advisor
‎2019-01-23 11:49 AM

1400 Manual Cluster Failover

Hi all,

I'm struggling to remember or find the answer to how you manually fail over a 1400 cluster.  The normal "clusterXL_Admin down" doesn't work on 1400's.

I've set the other member to the higher priority in SmartDashboard and set ClusterXL to switch to higher priority member, then installed, but it hasn't switched.

Any ideas how I can manually fail over between cluster members on 1400's?

Thanks,

Matt

17 Replies
Matt_Ricketts
Employee
Employee
‎2019-01-23 09:52 PM

Are you able to physically unplug one of the Ethernet cables in the 1400 and force fail over?

0 Kudos
Mark_Mitchell
Advisor
‎2019-01-23 10:42 PM

The SMB devices are a little bit different as they run Gaia embedded. Performing the following will perform the failover in the same manner as the Gaia full devices (3000 series and above).

# Complete in Expert mode

cd $FWDIR/bin

clusterXL_admin.csh down

(1)
G_W_Albrecht
Legend Legend
Legend
‎2019-01-24 03:52 AM
In response to Mark_Mitchell

That is all documeted here: sk65060: How to cause a manual fail-over in ClusterXL on SG-8x appliances.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Maarten_Sjouw
Champion
Champion
‎2019-01-24 03:56 AM

The actual simplest way to do so, is by using the priority in the SmartConsole, as it is centrally managed, that is where it should be, open the cluster object, Cluster members and adjust the priority and push the policy.

For the quick switch the only way is to use the CLI as described in the previous posts.

Regards, Maarten
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-01-24 03:59 AM
In response to Maarten_Sjouw

If it is centrally managed - even 14x0 SMBs can be used locally managed.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mark_Mitchell
Advisor
‎2019-01-24 04:06 AM
In response to Maarten_Sjouw

When using the priorities (with central management with SMS) if the failover settings within advanced settings are set to "Maintain Current Active Cluster Member" then the unit won't failover based on the priorities. Advanced Cluster XL Properties

If you want to perform failover using the priorities you will need to change to "Switch to higher priority cluster member" and then install policy. 

0 Kudos
Gaurav_Pandya
Advisor
‎2019-01-24 07:10 AM

Correct. You need to change option to "Switch to higher priority cluster member" in clusterXL setting. 

0 Kudos
biskit
Advisor
Advisor
‎2019-01-24 07:14 AM

Thanks everyone.

I've already set to highest priority and installed (as mentioned in the original post) but this did not switch members.  I don't know why not.

I'll try the clusterXL_admin.csh command tonight during a maintenance window Smiley Happy

Matt

0 Kudos
Mark_Mitchell
Advisor
‎2019-01-24 07:18 AM
In response to biskit

Not a problem at all. 

Just to confirm within your SMS have you set the "Switch to higher priority Cluster Member" option as pictured earlier?

If it's easier, feel free to post a screenshot and we can see if we can see anything that may be causing the issue.

0 Kudos
Mark_Mitchell
Advisor
‎2019-01-25 01:43 AM
In response to biskit

Hey Matt, how did you get on within your maintenance window and the failover with the command clusterXL_admin.csh?

0 Kudos
biskit
Advisor
Advisor
‎2019-01-24 07:37 AM

Here's my settings:

However, even after multiple installs, FWA is still Standby.  It should now be Active.

0 Kudos
Mark_Mitchell
Advisor
‎2019-01-24 07:42 AM
In response to biskit

Very Interesting, it looks ok to me from a clusterXL configuration point of view. What firmware version are you running? 

I have a pair of 1450 for lab use so I'll see if I can replicate the same results. 

biskit
Advisor
Advisor
‎2019-01-24 07:56 AM
In response to Mark_Mitchell

Thanks.  I'm currently running on R77.20.70.

JozkoMrkvicka
Authority
Authority
‎2019-01-25 01:36 AM

There is no option in SmartView Monitor to perform failover ? Try to right click on active member within Monitor.

Kind regards,
Jozko Mrkvicka
0 Kudos
Mark_Mitchell
Advisor
‎2019-01-25 01:51 AM

Please see below for SK for Best Practices on Manual Check Point failover. 

Best Practices - Manual fail-over in ClusterXL 

I would always recommend this method of a fail over. As from the CLI you can also obtain more detailed data quickly around clustered interfaces and cluster health etc. 

0 Kudos
biskit
Advisor
Advisor
‎2019-01-25 01:54 AM

The clusterXL_admin.csh down worked a treat Smiley Happy

One day the commands might be consistent between CP appliance models 

Martin_Valenta
Advisor
‎2019-01-25 05:14 AM

in expert mode, ip link set dev LANx down/up

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events