Wednesday, September 26, 2012

Check Point: 'cphaprob status' Interface Explanations




  • Active - everything is OK.
  • Active Attention - problem has been detected, but the cluster member still forwarding packets, since it is the only machine in the cluster, or there are no active machines in the cluster.
  • Down - one of the critical devices is having problems.
  • Ready -
    • When cluster members have different versions of Check Point Security Gateway, the members with a new version have the ready state and the members with the previous version have the activestate.
    • Before a cluster member becomes active, it sends a message to the rest of the cluster, and then expects to receive confirmations from the other cluster members agreeing that it will becomeactive. In the period of time before it receives the confirmations, the machine is in the ready state.
    • When cluster members in versions R70 and higher have different number of CPU cores and/or different number of CoreXL instances, the member with higher number of CPU cores and/or higher number of CoreXL instances will stay in Ready state, until the configuration is set identical on all members.
  • Standby - the member is waiting for an active machine to fail in order to start packet forwarding. Applies only in high availability mode.
  • Initializing - the cluster member is booting up, and ClusterXL product is already running, but the Security Gateway is not yet ready.
  • ClusterXL inactive or machine is down - Local machine cannot hear anything coming from this cluster member.
Posted by