hhf/diagnostics_cheat_sheets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diagnostics_cheat_sheets/cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.adoc
hhftechnologies ccdfb79a59 update
2024-10-01 11:45:28 +05:30

45 lines
2 KiB
Text
Raw Permalink Blame History

= Checkpoint Firewalls Debug Cheat Sheet
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Status: Work in progress.
== Cluster XL (ClusterXL) debug
[cols=2,"options="header"]
|===
|command
|Description
|*cphaprob state*
|Show status of the cluster and its members, if down - show the descriptive reason and when the state change happened,type of clustering - HA/Load Sharing/VRRP, IP address of each member's sync interface, problematic _pnote_ that causes failover, number of failovers since last restart.
|*cphaprob -ia list*
|Show detailed information on the failed __pnote__/Critical Device of this member. List of pnotes enabled by default (differs by version/model so not a reference): _Interface Active Check_, _Recovery Delay_ , _CoreXL Configuration_, _Fullsync_, _Policy/filter_, _routed_, _fwd_, _cphad_, _init_, _cvpnd_.
|*cphaprob -l list*
|List ALL _pnotes_ of the member, including in _OK_ state.
|*cphaprob -a if*
|Show all the interfaces seen by the cluster on this member. _Monitored_ are interfaces monitored by the cluster and if failed would cause fail over. _Secured_ is/are interface(s) the cluster uses to synchronize members. In Checkpoint appliances it is usually named `Sync`. Also show cluster synchronization mode - broadcast/multicast,
|*cphaprob -m if*
|Show the monitored interfaces but also add ClusterXL VLAN monitoring info - which VLANs on which interface are being monitored.
|*cphaprob syncstat*
|Show detailed synchronization states and traffic statistics: sync traffic drops/sent/received/queue szie/delta interval. Good at showing network/communication problems between cluster members.
|*cphaprob show_failover*
|Show detailed history log of failover events with their dates and reasons. Checkpoint records last 20 failovers by default.
|*cphaprob mmagic*
|Show the cluster magic number, relevant if multiple clusters are present in the same network.
|*cphaprob show_bond*
|Show bond interfaces.
|*cpview -> Advanced -> ClusterXL*
|Partial output of the above commands in TUI interface.
|===
Reference in a new issue View git blame Copy permalink