Tuesday, October 18, 2011

Cluster Status Active - Ready

Last night I have faced a problem after replacing cluster nodes to new hardwares,
Although software versions was same at # cphaprob stat command, One node was at active and other was at ready
Solution is at CoreXL: Noticed that enabled cores differs on nodes, #  fw ctl multik stat shows this to you.
number of cores should be same at both members.

Monday, October 10, 2011

R75.20 Console Error

If you are getting the below error at SmartConsole,
Failed to save object firewall_properties.
Server error is:Validation error in field 'SynDefender active mode' at
object 'firewall_properties' @ 'properties' --> The value '0' is not in the list of valid values '1~2'. (Code: 0x800415A6, Object Validation Failed)


Create an upgrade_export then Close all SmartConsoles and open GuiDBedit.exe located at SmartConsole directory X:\Program Files\CheckPoint\SmartConsole\R7X\PROGRAM
Find the related object via CTRL+F,In this example its firewall_properties, Change the value of the property (1) and click saveall, If it gives a similar error continue to fix it with needed parameter.

Mobile Access VPN Policy tab is Empty

An exception occured while constructing the view:
CDIeException Exception:
Error Code: 0(Unspecified error)
User Message: Genera Error: Invalid or No UID
Debug Message:
CDleDereferenceReqHandler::_dereferenceSingleFieldObject not found in CPMI
File Name:
f:\ckp\src\cpdle_flow_983000029\cpdle\comm_itf\CommandCpmiAsync.h
Line number: 207
Inner: NONE


Solution:
Backup and delete the files
applications.C
CPMILinksMGR.db
at $FWDIR/conf
This is a general solution for SmartConsole problems..

Updated Note: Checkout connectra_policy.C File , correct the corrupted lines.

Sunday, October 2, 2011

Changing Mac Magic numbers at Checkpoint Cluster

Below operation should be done at the scenario where two checkpoint clusters work on the same network.
To view the values
# fw ctl get int fwha_mac_magic
# fw ctl get int fwha_mac_forward_magic
default values are 254 and 253
Lets change them to 251 and 250
# fw ctl set int fwha_mac_magic 251
# fw ctl set int fwha_mac_forward_magic 250
Also we should write these to $FWDIR/boot/modules/fwkern.conf with hex values like the example below
fwha_mac_magic=0xfb
fwha_mac_forward_magic=0xfa