Need help with ClusterXL problem

[cciesec2006]

I need urgent help really fast.

I have a pair of Firewall running NG with AI R55 with HFA_20 on dell
optiplex PCs. FW1 has 1GB of RAM and P4 1.8GHz processor. FW2 has
512MB of RAM and P4. 1.8Ghz processor. Everything is running fine.
in Active/Active load-sharing ClusterXL unicast mode, as seen below:

[Expert@GW1]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 (local) 10.1.1.1 30% active (pivot)
2 10.1.1.2 70% active

[Expert@GW1]#
[Expert@GW2]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 10.1.1.1 30% active (pivot)
2 (local) 10.1.1.2 70% active

[Expert@GW2]#


Today, I performed "shutdown" on FW2 and upgraded it from 512MB
to 1GB of RAM to match with FW1. After FW2 comes back online,
cpha on FW2 showed as "down" as seen below:

[Expert@GW1]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 (local) 10.1.1.1 100% active (pivot)
2 10.1.1.2 0% down

[Expert@GW1]#
[Expert@GW2]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 10.1.1.1 100% active (pivot)
2 (local) 10.1.1.2 0% down

[Expert@GW2]#

I repeatedly performed "cpstop;cpstart" on FW2 but no luck.
I even rebooted FW2 several times but cpha on FW2 always
showed as "down". If I removed 512MB of RAM from FW2 and
reboot the firewall, cphaprob on FW2 will work again, as
seen below:

[Expert@GW2]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 10.1.1.1 30% active (pivot)
2 (local) 10.1.1.2 70% active

[Expert@GW2]#


Both PCs are identical with the exception that FW1 has
1GB RAM and FW2 has 512MB RAM. Any attempts to upgrade
FW2 to 1GB RAM killed cpha on FW2. Rebooting or cprestart
on FW2 does not resolve the issue.


Anyone has run into this before? Please help.

[jaga4india]

Try to replace with single 1GB RAM . I believe it should resove this issue.

[cciesec2006]

FW1 has 2-512MB RAM = 1GB RAM total
FW2 has 1-512MB RAM = 512MB RAM total.

When I add another 1-512MB to the FW2, I run into
issues. If I remove 1-512MB from FW2, the problem
goes away.

Both boxes use the same identical memory from Dell.
It is not like the box is not booting up, only ClusterXL
issue.

I am trying to understand how replacing with 1-1GB
memory will solve anything.

[Routerkid1]

put a gig of ram in the box and change Cluster XL to HA and then reinstall the box. It should take about 30 minutes.

[cciesec2006]

I don't want to run HA. I want to run Active/Active.

[fdamstra]

Quote:

Originally Posted by cciesec2006

When I add another 1-512MB to the FW2, I run into issues. If I remove 1-512MB from FW2, the problem goes away.

What if you leave only the new 512MB stick of RAM in? Could it be as simple as a bad memory upgrade?

Your symptoms are strange. You could open a ticket with CheckPoint, but we know how that goes.

Have you pushed policy after the memory upgrade? I'd try that first.

If that doesn't work, I expect that something in the initial hardware detection is sticking around and having trouble with the memory upgrade. I'd get a backup, do the memory upgrade, and reinstall.

[cciesec2006]

"What if you leave only the new 512MB stick of RAM in? Could it be as simple as a bad memory upgrade?"

Then I have no issue.

"Have you pushed policy after the memory upgrade? I'd try that first."

re-push the policy many times. issue remained.

When I upgraded the box to 1GB RAM (2x512MB), I can see the box
has 1GB from the "dmesg" and from "/proc/meminfo" so the splat box
does see 1GB RAM. Why it is not working, I am at a lost.