This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
andreibo
Contributor
‎2022-06-21 07:00 AM

1600 Cluster sync issues

Hi All, 

We have a newly delivered(May 2022) 2x1600 Spark R80.20.35 appliances that have been configured as a cluster.

My colleague that did the configuration is long time on Check Point and I have no doubt that the configuration was done as usual - to work :).

After the configuration was done, we observed that the cluster members do not sync.

Have anyone encountered that recently?

If I should post more info about the issue, please let me know and I will anonymize mentioned configs and I will post it here - but I belive that this is not related to configs or ISP.

Best wishes, 

Andrei

8 Replies
Sorin_Gogean
Advisor
‎2022-06-21 07:15 AM

hey,

 

we need more details on what/how is configured, as if they don't sync then, do they report smth wrong in SmartConsole ?

(as I've seen they support ClusterXL)

Usually the 15K series I use have a SYNC interface that you set it as synchronization and is used specifically for that, but on 1600 I don't see that, so most likely you define some of the LAN ports to be used for sync.

 

Ty,

PS: from here

Configuring High Availability

In the Device > High Availability page you can create a cluster of two appliances for high availability.

Note - You cannot create a cluster when you have a switch or bridge defined in your network settings on the appliance. If necessary, change network settings in the Device > Local Network page.

After you define a cluster, you can select to Enable or Disable the cluster.

The page shows the configured interfaces for monitoring or high availability enabled in a table, where you can edit them.

Interface options in cluster mode:

  • High Availability - Two physical interfaces in 2 cluster members act as a single interface toward the network, using a single virtual IP address.

    Note - In this cluster solution, each interface has a local IP address in addition to the shared single virtual IP address.

  • Sync - Two physical interfaces must be defined as Sync interfaces and connected between the members to allow proper failover as needed. The default is to use LAN2/Sync physical port.

  • Non HA (also called private) - The physical interface in this member does not participate in High Availability functions.

  • Monitored (also called private monitored) - The physical interface in this member is not coupled with another interface on the other member as in High Availability interface mode. The interface's status is still monitored, and if a problem occurs the member will fail over to the second one.
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-21 07:45 AM
In response to Sorin_Gogean

You cite from Locally Managed SMBs R80.20.20 manual but ask if they report smth wrong in SmartConsole - we should better know the deployment before guessing...

Concerning the Sync Port: Both 1600 + 1800 have port 2 named as sync, 1600 with 1GbE and 1800 with 2,5 GbE.

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-21 07:33 AM

1600 SMB appliances HA cluster are much different to GAiA clusters - you only configure the active node in detail, and after selecting the second node in FTW as standby HA node, all config will be synchronized from active node. You did not write about it, but i assume you have a locally managed SMB cluster, so this applies: sk121096: How to configure a cluster between locally managed SMB appliances

CCSE CCTE SMB Specialist
Chris_Atkinson
Employee
Employee
‎2022-06-21 07:36 AM

Depending on the deployment scenario there is R80.20.40 available now with some clustering enhancements.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-22 12:24 AM
In response to Chris_Atkinson

I would suggest to upgrade to R80.20.40 asap !

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-22 07:31 AM

Centrally or locally managed SMBs ?

CCSE CCTE SMB Specialist
0 Kudos
andreibo
Contributor
‎2022-06-24 05:16 AM
In response to G_W_Albrecht

Locally managed.

Update:

1. We performed upgrade to R80.20.40 and the issue persisted.

2. We went back to R80.20.35 and recreated the cluster from scratch + adding specific policies to allow traffic between cluster members and the sync issue was solved. That specific policies where there from the first time, so that was not the issue.

I have no clue what was that. The procedure of setup was the same in both Cluster setup configurations...same order for steps.

 

G_W_Albrecht
Legend
Legend
‎2022-06-27 04:39 AM
In response to andreibo

As long as you do follow sk121096How to configure a cluster between locally managed SMB appliances sync should work. Afaik specific policies to allow traffic between cluster members are only needed in Strict Mode.

CCSE CCTE SMB Specialist
0 Kudos