AnsweredAssumed Answered

Azure based Vsec R80.10 Cluster - Secondary node issue

Question asked by Alex Fray on Apr 20, 2018
Latest reply on Apr 28, 2018 by Nikhil Deshmukh

Hi, I have deployed an R80.10 Checkpoint Cluster into Microsoft Azure. Cluster XL is working (active/standby) and I can manage and push policies to both cluster nodes (inbound connectivity ok)

 

However when running the azure test script to check connectivity to Azure to make UDR and cluster IP changes the secondary node can't resolve DNS. Primary node works fine. If I try and ping 8.8.8.8 for example, I get no response as if the node has no outbound Internet connectivity not just a DNS issue. This is very odd because I can manage the cluster nodes and cluster XL is working but because the secondary node has no outbound connectivity failover is not working and also it can't contact checkpoint.com to get its contracts status so its complaining about licensing. Any ideas?

 

Output from the secondary node below which is unsuccessful.
[Expert@vsec-node-2]# $FWDIR/scripts/azure_ha_test.py
Image version is: ogu_GAR1-289
Reading configuration file...
Testing if DNS is configured...
 - Primary DNS server is: 8.8.8.8
Testing if DNS is working...
Error:
Failed to resolve login.windows.net

!

[Expert@vsec-node-2]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2001ms

Outcomes