All “true” clusters require that certain attributes are syncronised. So that in the event of a failover the newly promoted node can continue where the other node left off.
In order to ensure that the State Tables of all your nodes within your Check Point Cluster are syncronised you will need to check the #VALS of your State Table summary on each node.
Note :
- You may find that these figures aren`t identical but this is just down to the delay/latancy in which occurs between State Syncronisations. You should only be concerned if the values are hunreds or even thousands out.
- The best way to view the State Table summaries (on SPLAT based firewalls) is to run the command watch ‘fw tab -t connections -s’.
- Below is based on a R65 ClusterXL HA Cluster.
Steps
Check the State Tables on both nodes, checking for the #VAL totals.
[Expert@fw1]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 3624 36074 14234
[Expert@fw2]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 3632 36073 14242
You can see here that the #VALS are fairly similar. With this we can safley say that the State Tables are syncronised.
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial