SmartView Monitor - Gateway (firewall) object shows as problem

Hello Everyone,

As a Check Point administrator, most of you have seen the problem where the Check Point Connectra or gateway shows as "problem" in SmartView Monitor.

But when we search for a solution, we have a really hard time.

So why does this need to be resolved at the earliest?

When I faced this problem once, my manager used a phrase to define the situation.

“Sleeping with Snake”

That’s true! Anything may happen any time.

What if the active one goes down?

Will the failover happen properly?

Now I know you understand the seriousness of this issue. Good! So what’s the solution for this?

Troubleshoot - SmartView Monitor shows gateway or Connectra problem

As a first step, check the physical connectivity and ensure all the cables are connected properly. (It’s always good to start with the basics :))

Then try pushing the policy. (It might get resolved here)

Now get onto the device command line.

1. Log in to expert mode.

2. Type the command cphaprob stat. You will see output similar to the below:

Number      Unique Address             Assigned Load   State
1           <IPaddress of active>      100%            Active
2 (local)   <IPaddress of standby>     0%              Standby

This confirms which gateway is currently active.

3. Run the command “cphaprob list”

The output should show the built-in devices, the registered devices and their status.
Device Name: Interface Active Check
Current state: OK
Usually this is where a problem shows up, so we can conclude it is related to the interfaces.

4. Finally, run “cphaprob -a if”

You should notice that the two cluster members differ in the number of required interfaces, and any of the interfaces may show “disconnected”.


Resolution - SmartView Monitor shows gateway or Connectra problem

So finally we have found the problem: it is the interface that shows as disconnected.
1. Check whether a cable that should be connected is missing.
2. If not, look for the file $FWDIR/conf/discntd.if on both gateways, or create it.
3. Now type in the name of the interface which is not used (the interface which is in the disconnected state).
4. Then reboot the cluster members one by one.
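
The file edit from steps 2 and 3, written as a shell function. This is an added example, not part of the original post; it assumes discntd.if holds one interface name per line, and eth3 and eth5 are constructed sample names.

```shell
#!/bin/sh
# Added example: declare unused interfaces in discntd.if without creating
# duplicates. Assumption: the file lists one interface name per line.
# On each cluster member (expert mode), replace <interface> with the name
# that step 4 of the troubleshooting showed as disconnected:
#   declare_disconnected "$FWDIR/conf/discntd.if" <interface>

# declare_disconnected FILE IFACE...
# Returns 0 on success, 2 if any name is not a plain interface name.
declare_disconnected() {
    file=$1; shift
    # Validate every name first so a bad argument changes nothing.
    for ifname in "$@"; do
        case $ifname in
            ''|*[!A-Za-z0-9._:-]*)
                echo "invalid interface name: $ifname" >&2
                return 2 ;;
        esac
    done
    # Create the file if it does not exist yet (step 2).
    [ -e "$file" ] || : > "$file"
    for ifname in "$@"; do
        # Skip names already listed as an exact, whole line.
        grep -qxF -- "$ifname" "$file" && continue
        # If the last line has no trailing newline, end it first so the
        # new name does not get glued onto the previous entry.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
            echo >> "$file"
        fi
        printf '%s\n' "$ifname" >> "$file"   # step 3
    done
}

# Constructed demo against a scratch file, not the live $FWDIR.
demo_file=$(mktemp)
printf 'eth5' > "$demo_file"   # existing entry, no trailing newline
declare_disconnected "$demo_file" eth3 eth5 eth3
cat "$demo_file"
```

Run the same call on both gateways so the two members agree, then continue with the one-by-one reboot in step 4.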

Now open SmartView Monitor.
Both cluster members should be in the state “OK”.
Verify the ClusterXL state, which should be perfectly fine.
Run “cphaprob stat” again. Now you can tell the happy news to your boss :)
