Saturday, January 29, 2011

SmartSPLAT Whats New at

Management HA symptoms
ManagementHA has inconsistencies,primary and Secondary HA randomly takes the master role,
rulebase changes that been made at active member does not replicate to other.
on both the cluster members

1. cpstop
2. cd $FWDIR/conf/mgha
3. remove all files.
4. cd $FWDIR/conf/
5. rm applic* and CPMIL*
6. cpstart

note that if you are seeing member leaving and joining messages,
then the cphad and fwd timeouts can be increased on both the cluster members as follows:
# cphaprob -d fwd -t 60 -s ok -p register
# cphaprob -d cphad -t 60 -s ok -p register

Failover occurs in the cluster during Security Policy installation.
Standby member installs the policy faster than the current Active member,
therefore it is the first member to load the new configuration, and as a result the first member to check if there are any Active members with new configuration, so it assumes the Active state.
Enable the "freeze" mechanism on each cluster member (by default this mechanism is disabled).
# fw ctl set int fwha_freeze_state_machine_timeout VALUE_IN_SECONDS (value in HEX format)
# fw ctl set int fwha_freeze_state_machine_timeout 0xb4
B4 = 180 seconds
To disable this mechanism, run:
# fw ctl set int fwha_freeze_state_machine_timeout 0

 FREE SSH Software for Checkpoint Firewalls