CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: Web Server Error

  1. #1
    Join Date
    2019-02-11
    Posts
    3
    Rep Power
    0

    Default Web Server Error

    Hi Everyone,
    We changed our setup from High Availability ClusterXL to Load Balancing Unicast. Upon changing, the server is not viewable when the traffic is passing through the secondary firewall but telnet is successful. When we stop the primary firewall services and let all the traffic pass through the secondary firewall the server page is already viewable but upon starting the primary firewall the error still persist. Below is the error that is displayed when accessing the server using the secondary firewall.

    Error
    This page can't be displayed. Contact support for additional information.
    The incident ID is: N/A


    Hope you can help me with this one. Thank you

  2. #2
    Join Date
    2007-06-04
    Posts
    3,303
    Rep Power
    17

    Default Re: Web Server Error

    If reading this correctly then if only one of the boxes is actually processing traffic then this works.

    What I would suspect is happening here is that the connection potentially been handled between the two members, which then breaks the connection, whereas when only one box present then the same member handles all the connections.

    If you run fw monitor on both members then you should be able to confirm that this is indeed happening.

    You may want to look at enabling the Sticky Decision Function.

    Found under ClusterXL then Advanded and then is in the Advanced Load Sharing window.

    Sticky Decision should mean that the same Cluster Member handles the connections.

    Sticky Decision however can have other issues so make sure that read fully about Sticky Decision and it's impact.

    Any particular reason that using the Load Sharing as most people tend to avoid it especially where just two boxes as can introduce more problems especially in terms of troubleshooting as not sure which box the connection goes through so debugging can be more problematic.

  3. #3
    Join Date
    2019-02-11
    Posts
    3
    Rep Power
    0

    Default Re: Web Server Error

    Hi Mcnallym,
    Upon checking, Sticky Decision function is already enabled. However, the error still prompted when the traffic is passing though the secondary firewall. We also check the event and error logs from the web server but there are no errors found that may cause the troubled viewing of the server. Are there any configurations that we need to add? or do you have any more recommendations? Thank you.

  4. #4
    Join Date
    2007-06-04
    Posts
    3,303
    Rep Power
    17

    Default Re: Web Server Error

    Have always avoided Load Sharing so I don't really have any exposure to it beyond when being on Training Course.

    Other then suggesting tweaking the SDF trying the different options then cannot really suggest anything.

    Could use the fw monitor to confirm that the traffic flow is using the same path so would need to run on both boxes at the same time.

    Check using the fw ctl zdebug + drop | grep address_of_server and make sure that not dropping anything.

    After that kind of out of suggestions

  5. #5
    Join Date
    2014-09-02
    Posts
    354
    Rep Power
    10

    Default Re: Web Server Error

    Also verify that both GW's are configured identically - especially as far as routing. Symptoms almost sound like secondary is unable to route packets properly.

    This can be avoided by a far-too-underutilized feature called "Cloning groups". I won't dive into that here, but for anyone who runs clusters and hasn't heard of it, check it out.

    -E

Similar Threads

  1. Error when logging into CLI of Provder-1 server
    By ivyma in forum Provider-1 (Multi-Domain Management)
    Replies: 9
    Last Post: 2018-02-21, 11:41
  2. Replies: 2
    Last Post: 2011-08-22, 09:47
  3. Error when launching SVM: Server is disconnected!
    By eyunghans in forum SmartView Monitor
    Replies: 4
    Last Post: 2010-05-05, 11:58
  4. Error Mgt server to Firewall
    By switzer in forum Installing And Upgrading
    Replies: 3
    Last Post: 2009-04-08, 11:50
  5. Integrity Server Error 290!
    By ilmaz in forum Secure Access
    Replies: 1
    Last Post: 2008-05-16, 17:07

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •