Thanks, but I guess you didn't read the part where I said I'd like to avoid the discntd.if file procedure.
This SK doesn't really apply as this interface is not used at all. It doesn't explain also why the remaining interfaces eth6,7 & 8 do not appear in ClusterXL monitored list... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Marius Banica Sent: Wednesday, November 24, 2010 11:32 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] ClusterXL: Non-Defined interface showing as DOWN sk30060 Symptoms * "cluster_info: (ClusterXL) interface ethX of member X is down" and "cluster_info: (ClusterXL) interface ethX of member X is up" error messages are displayed in SmartView Tracker even though proper cabling and swithichg is verified. * Some interfaces are shown as "Down" when running cphaprob -a if command on the security gateway. Cause There are inactive or disconnected interfaces on Cluster Member(s). Cluster member interfaces are monitored by Check Point's CCP (Cluster Control Protocol). This protocol reports cluster member interface status to other cluster members. When inactive or disconnected interfaces are not declared in the $FWDIR/conf/discntd.if file, they are perceived as not working correctly and this problem is encountered. Solution Perform one of the following procedures depending on the OS. For UNIX: 1. Run cpstop. 2. Open the $FWDIR/conf/discntd.if with a text editor. 3. Add the name of each interface that you do not want tom be monitored by ClusterXL on a separate line. Example: eth4 eth5 eth6 Note: if the $FWDIR/conf/discntd.if file does not exist, create it. 4. Save changes and exit. 5. Reboot the machine. 6. Repeat the same actions for the other cluster member. For Windows: 1. Open the regedt32 registry editor. Do not use regedit. 2. Under HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\CPHA createa new value with the following characteristics: Value Name : DisconnectedInterfaces Data Type : REG_MULTI_SZ 3. Add the interface name. To obtain the interface system name run the command: fw getifs 4. Add this name to the list of disconnected interfaces using the following format: \device\<System Interface Name> 5. Run cphastop and then cphastart to apply the change. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of M. N. Sent: Wednesday, November 24, 2010 4:52 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] ClusterXL: Non-Defined interface showing as DOWN Guys, We have a non-defined Ethernet interface showing as DOWN on both cluster members when a "cphaprob -a if" command is issued. This currently has no impact as both members are showing as healthy (Active/Standby). The SmartDashboard effectively does NOT show eth0 as it'suppose to and a security policy push & reboot did not solve it. I was just wondering if there's a way to make this disappear without having to resort to the documented "discntd.if" file procedure. Configuration: SPLAT R71.20 Cluster ClusterXL - HA Mode Open Server [exp...@passive-fw]# ifconfig eth0 eth0 Link encap:Ethernet HWaddr F0:4D:A2:06:56:AB UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:146 Memory:d4000000-d4012100 Output: [exp...@passive-fw]# cphaprob -a if Required interfaces: 5 Required secured interfaces: 1 eth0 DOWN (4283.2 secs) non sync(non secured), broadcast eth1 UP non sync(non secured), multicast eth2 UP non sync(non secured), multicast eth3 UP non sync(non secured), multicast eth4 UP sync(secured), multicast eth5 UP non sync(non secured), multicast Virtual cluster interfaces: 4 eth1 X eth2 X eth3 X eth5 X Thanks ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================
