CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: AntiVirus/Antibot Blade failing to sync in Cluster mode

  1. #1
    Join Date
    2015-01-14
    Location
    Wiltshire UK
    Posts
    3
    Rep Power
    0

    Default AntiVirus/Antibot Blade failing to sync in Cluster mode

    Good Evening All

    I have been having a problem with my R77.10 AntiVirus and AntiBot Blade that it keeps failing to sync with another R77.10 in Cluster mode.

    Has anyone else had this issue and if so what are the causes and remedy to fix this problem.

    My initial thoughts are that the Sic Relationship between the Clustered Blades and the SCS was having issues but im not so sure.

    I thought this as i have had issues recently due to the amount of traffic going across my GW's with Policies failing to load correctly. This was down to the Sic failing to authenticate against the SCS.

    Could this be the reason?, If anyone can help or has had this issue please can you let me know

    Many thanks

    Stuart.Tr

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,611
    Rep Power
    8

    Default Re: AntiVirus/Antibot Blade failing to sync in Cluster mode

    Can you explain how your seeing it not sync? Are you failing over and then noticing out of state packets? Why do you think its related to antibot/virus or are you just saying your using those features.

    cphaprob syncstat

    should show some stats on how sync is doing. Sync of course will require SIC to be set to work correctly. There are some other issues that can throw off sync.

    For now maybe explain what your seeing and show the following from both cluster members.

    cphaprob stat
    cphaprob -a if
    cphaprob syncstat

    fw tab -t connections -s

  3. #3
    Join Date
    2015-01-14
    Location
    Wiltshire UK
    Posts
    3
    Rep Power
    0

    Default Re: AntiVirus/Antibot Blade failing to sync in Cluster mode

    jflemingeds Good Evening

    I'm seeing it not syncing as Monitor goes from green to red with the alert of FWA or FWB failing to sync. When i dig into this deeper it shows that AB and AV have failed to sync with the other GW in the Cluster.

    I have the full suite ( all Blades ) running on my GW's have 16 all in spread across 2 separate locations. 8 in each they mirror each other a primary cluster GW and a Secondary Cluster at a separate location, and each time it fails its always the AB and AV that fail to sync.

    To be honest i haven;t had chance to dig much deeper into it further than the above statement however when i get in on monday I should have a better understanding using the cmds you gave as to whats going on.

    The network has always been a bit of an issue in regards to how its been setup but this im working on sorting,

    Any insight into any possible issues and remedies would be greatly appreciated

    many thanks

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,611
    Rep Power
    8

    Default Re: AntiVirus/Antibot Blade failing to sync in Cluster mode

    Well, not knowing how things are setup beside everything is turned my knee jerk reaction is load could be an issue. Have you looking at cpu stats via top (hit 1 on key board for multi cpu view)?

    Run those commands and add this one (forgot about this).

    cphaprob list

    The cphaprob commands are real time so if the cluster is in a ok state they won't return much useful, but most of the time they wil show something useful during an outage.

    Can you explain how the firewalls are talking to each other across sync? Are they directly connected or is there some distance between them, like different buildings.

    I haven't looked through the resolved issues page, but you might want to do so for R77.20. That would show issues fixed in the next version. There is also a jumbo hotfix for R77.10. Go through that list of resolved issues and see if there is anything that might match what your seeing as well.

    Make sure to test SIC via dashboard also. Its under the cluster members section. They should all return communicating. Anything else means there is a problem.

    Wish i could give you a better idea of what to look for but there really isn't a lot of details to go on so far.

Similar Threads

  1. URL Filtering & Antivirus Blade Update error
    By jackieyf in forum Firewall Blade
    Replies: 2
    Last Post: 2013-07-31, 21:31
  2. Has anyone used Antibot blade in a production enviroment yet....?
    By Eros_G in forum Anti-Bot Software Blade
    Replies: 4
    Last Post: 2013-03-13, 13:54
  3. Cluster Nodes Not Responding but not failing over
    By lil_tud in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 17
    Last Post: 2011-07-21, 04:48
  4. No traffic on Cluster Sync interface - Splat 2.6 Cluster XL HA
    By Xoron in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 11
    Last Post: 2009-02-17, 09:05
  5. Determine multicast address for state sync or H.A. mode on a firewall cluster
    By pop_alex in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 0
    Last Post: 2006-05-13, 02:13

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •