learning forever
lssue:
Unable to access F5 webui for the management activity.
Cause:
Https service is not working properly or in hung state
Resolution:
Restart httpd and tomcat services to resolve webui access issues. Command details are mentioned below.
tmsh restart /sys service httpd
tmsh restart /sys service tomcat
To failover traffic from Primary Fortigate firewall to standby just change the priotiy of the firewall. Details are mentioned with an example.
Primary Firewall configuration:
Fortigate-Primary (global) # show system ha
config system ha
set group-id 1
set mode a-p
set hbdev “port1” 50 “port2” 50
set session-pickup enable
set override enable
set priority 200
set monitor “port3” “port4”
end
Secondary Firewall configuration:
Fortigate-Secondary (global) # show system ha
config system ha
set group-id 1
set mode a-p
set hbdev “port1” 50 “port2” 50
set session-pickup enable
set priority 125
set override enable
set monitor “port3” “port4”
end
Verfify cluster status:
Fortigate-Primary (global) # get system ha status
Model: 3810
Mode: a-p
Group: 1
Debug: 0
ses_pickup: enable
Master:200 CERTVIDEOS-FORTI-PRI FG3J1A6122622645 0
Slave :125 CERTVIDEOS-FORTI-SEC FG3J1A6122611412 1
number of vcluster: 1
vcluster 1: work 198.1.1.1
Master:0 FG3J1A6122622645
Slave :1 FG3J1A6122611412
Failover the traffic from active to standby (Master to slave):
Fortigate-Primary-~ (global) # config system ha
Fortigate-Primary-~ (ha) # set priority 124
Fortigate-Primary-~ (ha) # end
To do this from GUI, navigate to Config > HA, click the edit icon and change the firewall priority.
Please follow below steps to rename virtual server and pool on F5 BIGIP :
tmsh modify /sys db mcpd.mvenabled value true
2. Rename virtual server with mv command
tmsh mv ltm virtual <original_VS_name> <new_VS_name>
3. Rename your pool with same command
tmsh mv ltm pool <original_pool_name> <new_pool_name>
4. Disable database so no one can modify configurations
tmsh modify /sys db mcpd.mvenabled value false
[Expert@]# cphaprob state
Cluster Mode: New High Availability (Active Up)
| Number | Unique Address | Assigned | Load | State |
|
1 (local) |
1.1.1.1 |
100% |
Active |
|
| 2 | 1.1.1.2 | 0% | Standby |
2. Active Attention – problem has been detected, but the cluster member still forwarding packets, since it is the only machine in the cluster, or there are no active machines in the cluster.
[Expert@]# cphaprob state
Cluster Mode: New High Availability (Active Up)
| Number | Unique Address | Assigned | Load | State |
|
1 (local) |
1.1.1.1 |
100% |
Active attention |
|
| 2 | 1.1.1.2 | 0% | down |
3. Down – one of the critical devices is having problems.
[Expert@]# cphaprob state
Cluster Mode: New High Availability (Active Up)
| Number | Unique Address | Assigned | Load | State |
|
1 (local) |
1.1.1.1 |
100% |
Active |
|
| 2 | 1.1.1.2 | 0% | down |
4. Ready
When cluster members have different versions of Check Point Security Gateway, the members with a new version have the ready state and the members with the previous version have the active state.
Before a cluster member becomes active, it sends a message to the rest of the cluster, and then expects to receive confirmations from the other cluster members agreeing that it will become active. In the period of time before it receives the confirmations, the machine is in the ready state.
When cluster members in versions R70 and higher have different number of CPU cores and/or different number of CoreXL instances, the member with higher number of CPU cores and/or higher number of CoreXL instances will stay in Ready state, until the configuration is set identical on all members.
[Expert@]# cphaprob state
Cluster Mode: New High Availability (Active Up)
| Number | Unique Address | Assigned | Load | State |
|
1 (local) |
1.1.1.1 |
100% |
Ready |
5. Initializing– the cluster member is booting up, and ClusterXL product is already running, but the Security Gateway is not yet ready.
6.ClusterXL inactive or machine is down — Local machine cannot hear anything coming from this cluster member.
[Expert@]# cphaprob state
Cluster Mode: New High Availability (Active Up)
| Number | Unique Address | Assigned | Load | State |
|
1 (local) |
1.1.1.1 |
100% |
Active |
|
| 2 | 1.1.1.2 | 0% | ClusterXL inactive or machine is down |
indepthtechnology 