CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: Check Point / IPSO Cluster (cphaprob -a if) not reporting interfaces correctly

  1. #1
    Join Date
    2010-01-22
    Posts
    2
    Rep Power
    0

    Default Check Point / IPSO Cluster (cphaprob -a if) not reporting interfaces correctly

    Check Point / IPSO Cluster (cphaprob -a if) not reporting interfaces correctly

    We have a firewall cluster of two IP567s running IPSO 6.2 and Check Point R70.50 with what appears to be a cosmetic problem

    at this time. My real concern is that I fear this can come back and bite us with out later upgrades.

    To start, this issue does not exist if we are running IPSO 6.2 and Check Point R65 HFA 70.

    After we upgraded and addressed a multicast_address issue in our objects_5.0.C file, we have what appears to be a

    functioning cluster with the following output issue for the "cphaprob -a if" command:

    fw-ita-hotspot1[admin]# cphaprob -a if

    eth-s1p1c0 non sync(non secured)
    eth4c0 non sync(non secured)
    eth2c0 sync(secured), broadcast
    eth3c0 sync(secured), broadcast
    eth1c0 non sync(non secured)

    Virtual cluster interfaces: 5

    eth-s1p1c0 192.168.200.8
    eth4c0 204.99.250.58
    eth2c0 10.10.140.58
    eth3c0 10.10.140.68
    eth1c0 10.3.14.28

    fw-ita-hotspot2[admin]# cphaprob -a if

    eth-s1p1c0 non sync(non secured)
    eth4c0 non sync(non secured)
    eth2c0 sync(secured), broadcast
    eth3c0 sync(secured), broadcast
    eth1c0 non sync(non secured)

    Virtual cluster interfaces: 2

    eth-s1p1c0 192.168.200.8
    eth4c0 204.99.250.58

    Five interfaces are listed as virtual cluster interfaces for the first node, only two for the second, but the second

    firewall is certainly aware of all five interfaces.

    We have removed and re-added each node from the cluster in IPSO via Voyager.

    We have also deleted and re-created the Check Point Cluster object.

    While the cluster appears to work fine, the issue above persists.

    Any advice or suggestion would be greatly appreciated.

    Thanks...

    Mike.

  2. #2
    Join Date
    2012-02-06
    Posts
    34
    Rep Power
    0

    Default Re: Check Point / IPSO Cluster (cphaprob -a if) not reporting interfaces correctly

    Can you please confirm any production traffic impacted due to this issue ? we also facing same issue. Please let us know if any solution for this.
    Last edited by ecesureshkumar; 2017-04-05 at 05:42.

Similar Threads

  1. Replies: 0
    Last Post: 2012-02-13, 04:30
  2. Upgrade IP350 - IPSO and Check Point
    By ppl321 in forum Installing And Upgrading
    Replies: 2
    Last Post: 2011-04-11, 08:55
  3. "cphaprob state" and "cphaprob -a if" output of a working SPLAT NGx R70.20 cluster
    By cciesec2006 in forum Check Point SecurePlatform (SPLAT)
    Replies: 0
    Last Post: 2010-02-11, 22:28
  4. cphaprob state: 'during cluster upgrade'
    By Reaper in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 6
    Last Post: 2008-09-18, 09:02
  5. IPSO & Check Point Upgrade
    By walcat_0 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 9
    Last Post: 2008-07-01, 06:26

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •