 | ||
 Hotfix HFA04 broke my Cluster on NGXR60 | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-02-14 | |||
| |||
 HFA04 install problem on Cluster Hello, I have 2 Nokia running NGXR60 in Load-Sharing config. I installed Checkpoint HFA-04 on my Mgmt Stn, and then installed it on one of the cluster members. FW#2 was taking the traffic while I was making the change on FW#1 - so no interruption - everything went fine, and it asked me to reboot at the end of the install, I did that, and it came back up - I pushed the policy to it, and install was fine. However, I noticed in the logs that FW#2 was still primary and taking the traffic, and FW#1 wasn't logging. Upon doing cphaprob stat, i see FW#1, the one I had applied HFA04 to, was marked as cluster state=down. I tried to join the Cluster again in Voyager by putting in FW#2 IP, but it refused to join, with the error "firewall-1 must be running on both nodes before cluster" or something to that effect. I had to uninstall HFA-04 on FW#1 and go back to NGX60 and then it was fine. What happened? I can't upgrade now because it seems to break the cluster. Someone said it's because both FWs need to be at HFA-04, but i'm very hesistant to work on the active FW in case it breaks it too! Any advice appreciated ~k Last edited by karimi; 2007-02-14 at 20:58.  |
| 2007-02-15 | |||
| |||
| Re: Hotfix HFA04 broke my Cluster on NGXR60 If you want to perform Zero Down Time Upgrade on ClusterXL. You can find sequence upgrade's steps in Upgrade guide. For example (it looks like you case): "1. Run cphaconf set_ccp broadcast on all cluster members. This will turn the cluster control protocol to broadcast instead of multicast and will insure that during the upgrade the new upgraded members stay in the Ready state as long as a previous version member is active." About "cluster state=down". If your modules have different HFAs, they don't work together in Cluster. So it's your situation one module is active, another is down. |
| 2007-02-15 | |||
| |||
| Re: Hotfix HFA04 broke my Cluster on NGXR60 Thanks Kva.. Why didn't they document this in the hFA04 release notes but separated it in the upgrade guide? Do you have any documentation which say different HFA version stops clustering from working? Would appreciate knowing this. cheers ~k |
| 2007-02-16 | |||
| |||
| Re: Hotfix HFA04 broke my Cluster on NGXR60 From HFA Release Notes: "Special Instructions for Installing R60_HFA_04 on NGX R60 Clusters When upgrading ClusterXL from NGX R60 or NGX R60 with previous HFA to R60_HFA_04 the following upgrade options are available: • Minimal Effort Upgrade - for more information see the chapter Performing a Minimal Effort Upgrade on a ClusterXL in the Upgrade guide. • Zero Down Time Upgrade - for more information see the chapter Performing a Zero Down Time Upgrade on a ClusterXL Cluster in the Upgrade guide. • Full Connectivity Upgrade – for more information follow the steps specified in the chapter Performing a Full Connectivity Upgrade on a ClusterXL Cluster in the Upgrade guide. etc" If you want upgrade cluster without stopping, you need to accomplish steps from chapter Zero Down Time Upgrade or Full Connectivity Upgrade. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
