Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
leonardo_silva1
Explorer

MANAGEMENT INTERFACE OF THE CLUSTER STANDBY IN STANDBY NON-ACCESSIBLE

I have a cluster with active member and standby member, the member management interface on standby is not accessible by ping or ssh, the process of contigencia of the members has been validated and always the member that is in standby is with the door of management inacessivel. Has anyone ever had this problem?

Can I access the standby member through ssh through another interface

0 Kudos
5 Replies
Kim_Moberg
Advisor

Hi

Have you tried entering # fw ctl set int fwha_forw_packet_to_not_active 1


if that works, enable on permanent in fwkern.conf.

Best regards

Kim 

Best Regards
Kim
Kim_Moberg
Advisor

Sorry  Aleksei Shelepov 

I used some of your text without given you credit. But I have tried the same solution on one of my cluster gateways were i works.

Best regards

Kim

Best Regards
Kim
0 Kudos
leonardo_silva1
Explorer

Kim Moberg,

I tested it on fw standby and the member is still inaccessible.

Thanks for the tip.

0 Kudos
Kim_Moberg
Advisor

It have to be done on active cluster unit so it forwards packets to you passive/stand-by node

Enable

fw ctl set int fwha_forw_packet_to_not_active 1

Disable 

fw ctl set int fwha_forw_packet_to_not_active 0


Best Regards
Kim
0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Depending on which interface you're trying to access standby member. You might want to read this old discussion. 

https://community.checkpoint.com/message/21555-re-problem-accessing-standby-cluster-member-from-non-... 

In nutshell - if you're trying to connect to standby member via IP that's on the "other" side of the firewall, adding static /32 route to the router in front of the fw might help

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events