XMEN BLOGGER: [solved] How to start Check Point High Availability (CPHA) Module?

Tuesday, December 20, 2016



From: https://firewallengineer.wordpress.com/2012/05/02/solved-how-to-start-check-point-high-availability-cpha-module/

cphaprob stat
Displays the status of the cluster.

[Expert@R65-FW-254]# cphaprob state
HA module not started.
[Expert@R65-FW-254]#

cphaprob -a if
Displays the monitored interfaces and the fwd and cphd daemon states. If the cluster is down, look for any interface-down alerts.

[R65-FW-254]# cphaprob -a if
HA module not started.

cphaprob list
Displays the overall health status of the cluster in list form.

[R65-FW-254]# cphaprob list

Built-in Devices:

Device Name: Interface Active Check

Registered Devices:

Device Name: Synchronization
Registration number: 0
Timeout: none

Device Name: Filter
Registration number: 1
Timeout: none

Device Name: fwd
Registration number: 2
Timeout: 2 sec

[R65-FW-254]#

cpstat ha
Displays the high availability state.

[Expert@R65-FW-254]# cpstat ha
Product name: High Availability
Version: N/A
Status: problem
HA installed: 1
Working mode:
HA started: no
[Expert@R65-FW-254]#

[Expert@R65-FW-254]# cpstat -f all ha
Product name: High Availability
Major version: 6
Minor version: 0
Service pack: 1
Version string: N/A
Status code: 2
Status short: problem
Status long:
HA installed: 1
Working mode:
HA protocol version: 2
HA started: no
HA state: ClusterXL inactive or machine is down
HA identifier: 0

Interface table
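------------------------------------------------
|Name|IP|Status|Verified|Trusted|Shared|Netmask|
------------------------------------------------

Problem Notification table
-------------------------------------------------
|Name           |Status |Priority|Verified|Descr|
-------------------------------------------------
|Synchronization|problem|       0|     730|     |
|Filter         |OK     |       0|     730|     |
|fwd            |OK     |       0|     731|     |
-------------------------------------------------

Cluster IPs table
-----------------------------------------------
|Name|IP|Netmask|Member Network|Member Netmask|
-----------------------------------------------

Sync table
-----------------
|Name|IP|Netmask|
-----------------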
[Expert@R65-FW-254]#
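
One way to condense the `cpstat -f all ha` output above into a single pass/fail line for monitoring, as an added example (not from the original post or from Check Point). `cpha_summary` and `sample_cpstat_output` are hypothetical helper names, and the sample input is abridged from the capture above.

```shell
#!/bin/sh
# Added example: condense `cpstat -f all ha` output into one health line.
# cpha_summary and sample_cpstat_output are hypothetical helper names.

cpha_summary() {
    awk '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^HA started:/   { started = val($0) }
        /^Status short:/ { status = val($0) }
        # A "... table" title says which table the following "|" rows belong to.
        /^[A-Za-z].* table[ \t]*$/ { section = $0 }
        section ~ /^Problem Notification/ && /^[|]/ {
            split($0, f, "|")
            name = f[2]; st = f[3]
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", st)
            if (name != "Name" && st != "OK")      # skip header row, keep failures
                bad = bad (bad == "" ? "" : ",") name
        }
        END {
            printf "started=%s status=%s problems=%s\n", started, status, (bad == "" ? "none" : bad)
            exit ((started == "yes" && bad == "") ? 0 : 1)
        }
    '
}

# Sample input: abridged from the capture shown in this post.
sample_cpstat_output() {
    cat <<'EOF'
Status short: problem
HA started: no
HA state: ClusterXL inactive or machine is down

Problem Notification table
|Name |Status |Priority|Verified|Descr|
|Synchronization|problem| 0| 730| |
|Filter |OK | 0| 730| |
|fwd |OK | 0| 731| |

Cluster IPs table
|Name|IP|Netmask|Member Network|Member Netmask|
EOF
}

# Non-zero exit: ClusterXL is not started or a registered device reports a problem.
sample_cpstat_output | cpha_summary || echo "ClusterXL needs attention"
```

On a gateway, the same function can read live data with `cpstat -f all ha | cpha_summary`.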

[Expert@R65-FW-254]# fw hastat
HOST NUMBER HIGH AVAILABILITY STATE MACHINE STATUS
localhost ?? module disabled
[Expert@R65-FW-254]#

[R65-FW-254]# cpstart
SVN Foundation: cpWatchDog already running
SVN Foundation: cpd already running
SVN Foundation started
FireWall-1: starting external VPN module -- OK
Note: This machine is not defined as a part of any Cluster.
It is possible that the IP of this machine as it appears in your hosts
file differs from the general IP of this machine in the Management server.
Alternatively, Check your Cluster configuration in the Management server.
If this machine is no longer part of a Cluster, please disable Check Point ClusterXL
or State Synchronization on it.
FireWall-1: Starting fwd

Installing Security Policy InitialPolicy on all.all@R65-FW-254
Fetching Security Policy from localhost succeeded
Failed to read database.
Probably module was never installed
Failed to fetch policy from masters in masters file
FireWall-1: enabling bridge forwarding
FireWall-1 started
FloodGate-1 is disabled. If you wish to start the service, please run 'etmstart enable'.
SmartView Monitor: Not active
cpstart: Power-Up self tests passed successfully
cpstart: Starting product - SVN Foundation
cpstart: Starting product - VPN-1
cpstart: Starting product - FloodGate-1
cpstart: Starting product - SmartView Monitor
cpstart: Starting product - Advanced Routing
[R65-FW-254]#

[Expert@R65-FW-254]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable Advanced Routing
(7) Disable cluster membership for this gateway
(8) Automatic start of Check Point Products

(9) Exit
Enter your choice (1-9) 7

REFERENCE
https://www.cpug.org/forums/installing-upgrading/9786-how-do-i-start-my-ha-module.html

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36247

SOLUTION [May 20, 2012]
You can read the solution here🙂
https://firewallengineer.wordpress.com/2012/05/20/solved-finally-cpha-configuration-resolved/
