PDA

View Full Version : Failover happens during policy installation



Palanivel
2013-08-22, 21:05
Hi,

What are all the possibilities of firewall failover during the policy installation.

When i was installing policy today my firewall got switched and I see only ntp-udp and ctp traffic flowing in sec FW before failover.

Is there any clue to find why the failover happened?

Thanks in advance.

Palanivel.S

serlud
2013-08-23, 01:48
Is there ny clue to find why the failover happened?


Depend on you situation you can use 2 following workaround:

1. CPHAD and or FWD problem stat duirimg policy install (check control logs in SmartView Tracker : you should see some thing like :
cluster_info: (ClusterXL) member 2 (XXXXX) is down (Problem Notification on member 2 (XXXXX) detected a problem (cphad).)

In this case you have to increase 2 following timeouts on both cluster members:
To increase CPHAD failure detection to 15 seconds
cphaprob -d cphad -t 15 -s ok -p register
To increase FWD failure detection to 15 seconds
cphaprob -d fwd -t 15 -s ok -p register



2. See Solution ID: sk32488 When to use 'fwha_freeze_state_machine_timeout' parameter

fw ctl set int fwha_freeze_state_machine_timeout 30
vi $FWDIR/boot/modules/fwkern.conf
fwha_freeze_state_machine_timeout=0x1e