Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

checkpoint cluster - prevent a failback

Posted on 2014-10-09
2
Medium Priority
?
239 Views
Last Modified: 2014-11-03
Hi, we are having a checkpoint cluster with two members. Because the primary member has a problem and URL filtering doesn't work we stop it(cpstop) and failover to second member. The problem is that if we restart the primary member it gets the primary role and failback automatically. Is it possible to prevent this failback to primary member and keep staying on secondary.
0
Comment
Question by:dedri
  • 2
2 Comments
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412907
Which CheckPoint platform are you using and what version?

Without that information I can only suggest to switch roles (active/standby) between gateways, but for more details how, I need version and platform.
0
 
LVL 12

Accepted Solution

by:
Fidelius earned 2000 total points
ID: 40412925
In a High Availability configuration, when the failed Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:

-    Maintain Current Active Gateway means that if one machine passes on control to a lower priority machine, control will be returned to the higher priority machine only if the lower priority machine fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
-    Switch to Higher Priority Gateway means that if the lower priority machine has control and the higher priority machine is restored, then control will be returned to the higher priority machine. This mode is recommended if one member is better equipped for handling connections, so it will be the default gateway.

To give you more detailed instructions, I need platform and version.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question