Thursday, June 14, 2012

Useful command for Checkpoint Cluster troubleshooting

Cluster related:

To check on Firewall cluster status:

cphaprob stat

expected output:

Cluster Mode:   Load Sharing (Multicast/SDF)
Number     Unique Address  Assigned Load   State
1                10.1.1.2     25%             Active
2                10.1.1.3     25%             Active
3 (local)    10.1.1.4     25%             Active
4                10.1.1.5     25%             Active

combine the command "watch -n "1" cphaprob stat" it will give you a refresh output in 1 seconds interval.


To check on cluster interfaces IP and interface status:

cphaprob -a if

expected output:

Required secured interfaces: 2
eth1       UP                    sync(secured), multicast
eth2       UP                    sync(secured), multicast
eth3       UP                    non sync(non secured), multicast
eth4       UP                    non sync(non secured), multicast

Virtual cluster interfaces: 2
eth3            xx.xx.xx.xx
eth4            xx.xx.xx.xx

To check on cluster processes:

cphaprob -i list

expected output

Built-in Devices:
Device Name: Interface Active Check
Current state: OK

Device Name: HA Initialization
Current state: OK

Device Name: Load Balancing Configuration
Current state: OK

Registered Devices:
Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 543206 sec

Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 543200 sec

Device Name: cphad
Registration number: 2
Timeout: 2 sec
Current state: OK
Time since last report: 1 sec

Device Name: fwd
Registration number: 3
Timeout: 2 sec
Current state: OK
Time since last report: 0.4 sec

Device Name: FIB
Registration number: 4
Timeout: none
Current state: OK
Time since last report: 607166 sec

No comments:

Post a Comment