I am clustering 2 Checkpoint 1200R devices. When I fail over the primary unit to the secondary device, all is good. When the primary unit is restored, is there an option to fail back the unit automatically ?
Yes, that is possible. You can configure this in SmartDashboard within the ClusterXL settings of the cluster object.
Define priorities within 'Cluster Members', then select 'Switch to higher priority Cluster Member' within 'ClusterXL'.
I appreciate you prompt response, however, I don't have access to SmartDashboard. I am using FireFox (Internet Explorer) to access these devices via the GUI interface. My only other option is via the console interface using CLI.
Then read my 1400 Appliance FAQ, it's good for 1200R's as well.
First, you should use Google's Chrome Browser.
Second, while there is no 'Switch to primary cluster member' option directly available in the WebUI when locally managing 1200R clusters, you can easily setup a trivial Bash script that is running on the primary member checking the cluster status. If the secondary member is 'Active' and the primary one 'Standby', the Bash script would simply issue the command 'clusterXL_admin down; clusterXL_admin up' on the secondary cluster member.
Thanks Danny, I appreciate your help. I'll give it a try.
This is a known SMB limitation:
sk111854 1100 ClusterXL does not fail-back to Primary member says that after a fail-over of the 1100 HA Cluster, when the Primary member is eligible again to resume handling the traffic, a fail back does not occur, and the former Secondary member continues handling the traffic instead. No fix is required; the system is functioning as designed.
So either leave it as it is - the nodes are in sync and it does not matter which one of both is active (that is different to GAiA Full Management HA), do a manual failover (the procedure from sk111854) or use the script from Dannys suggestion.
Hi Gunther, thanks very much for your help.
Do we have a shutdown command in 1200R?
[Expert@1200R]# shutdownUsage: shutdown [-akrhPHfFnc] [-t sec] time [warning message] -a: use /etc/shutdown.allow -k: don't really shutdown, only warn. -r: reboot after shutdown. -h: halt after shutdown. -P: halt action is to turn off power. -H: halt action is to just halt. -f: do a 'fast' reboot (skip fsck). -F: Force fsck on reboot. -n: do not go through "init" but go down real fast. -c: cancel a running shutdown. -t secs: delay between warning and kill signal. ** the "time" argument is mandatory! (try "now") **
Even this is possible:
[Expert@1200R]# haltAre you sure? (y/n)
Thank you, this helps.
I gave all these commands, but i never see my firewall goes down - i have active serial connection.
2) shutdown -h 0
3) shutdown -h -P 0
All the commands gave this general message:
The system is going down for system halt NOW!
My LED is solid green.
I assume as there is power-on button, its mandatory to remove the power-source from the unit.
Same is on 1470. I am not sure that is even supposed to work. While 'halt' is only supposed to halt OS, 'halt -P' is also supposed to send ACPI command to PSU to cut off power from device. Because SMB is using external PSU I do not think it is possible to send ACPI commands to it.
Power off button will do the same as disconnecting PSU from device. Both of them require to go to the device that in some case might be a problem.
Retrieving data ...