Difference between revisions of "Gaia VRRP setup guide"

From cpwiki.net
Check Point Profressional Services
(Checking your configuration)
(Checking your configuration)
Line 33: Line 33:
 
! Amount
 
! Amount
 
|-
 
|-
| [Expert@chkpfw1]# '''clish -c "show vrrp summary"'''
+
|  
 +
[Expert@chkpfw1]# '''clish -c "show vrrp summary"'''
 
  <br>VRRP State  
 
  <br>VRRP State  
 
     VRRP Router State: Up
 
     VRRP Router State: Up
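Review bot: in the chkpfw1 cell, the output under the moved command line still depends on a literal <br> before "VRRP State" and on leading-space indentation for the state lines, while the command itself carries ''' bold markers. Since the prompt now sits on its own line after the bare "|", consider putting the command and its output in a single <pre> block so the state counters stay aligned and the <br> can be dropped.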
Line 42: Line 43:
 
         In Backup state 0
 
         In Backup state 0
 
         In Master state 2
 
         In Master state 2
| [Expert@chkpfw2]# '''clish -c "show vrrp summary"'''
+
|  
 +
[Expert@chkpfw2]# '''clish -c "show vrrp summary"'''
 
  <br>VRRP State  
 
  <br>VRRP State  
 
     VRRP Router State: Up
 
     VRRP Router State: Up

Revision as of 08:34, 15 September 2013


From clish prompt, create vrid, add backup-addresses, save config

[Expert@chkpfw2]# clish
chkpfw2> add mcvr vrid 100 priority 95 priority-delta 10
chkpfw2> add mcvr vrid 100 backup-address 172.16.31.1
chkpfw2> add mcvr vrid 100 backup-address 192.168.1.1
chkpfw2> save config

Configure cluster object

If upgrading from SecurePlatform, you will need to set the O.S. version. When you do this, the "ClusterXL" option on the left side will expand to read "ClusterXL and VRRP".

[Screenshot: chkp vrrp cluster config-1.png]


Select VRRP as your HA method. Also, I like to enable the "Forward Cluster Incoming traffic..." option. Otherwise you cannot ping your VRRP backup / cluster IPs to see if they are working.


[Screenshot: chkp vrrp cluster config-1.png]

Add rule to allow VRRP advertisements

Failure to do so will cause master/master status.

[Screenshot: chkp vrrp rule.png]



Checking your configuration

Item Amount
[Expert@chkpfw1]# clish -c "show vrrp summary"

VRRP State
    VRRP Router State: Up
    Flags: On
    Interface enabled: 2
    Virtual routers configured: 2
        In Init state 0
        In Backup state 0
        In Master state 2

[Expert@chkpfw2]# clish -c "show vrrp summary"

VRRP State
    VRRP Router State: Up
    Flags: On,MonitorFirewall
    Interface enabled: 2
    Virtual routers configured: 2
        In Init state 0
        In Backup state 2
        In Master state 0
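
An added example, not part of the original guide: a Python check that parses the "show vrrp summary" output of both members and flags the master/master condition that results when VRRP advertisements are not allowed between them. The function names, finding labels and the third sample are constructed for illustration, and the indentation of the sample output is an assumption.

```python
import re

# Counter values for chkpfw1/chkpfw2 are the ones shown on this page; the
# "blocked" sample is constructed to show the failure case.
TEMPLATE = """VRRP State
    VRRP Router State: Up
    Flags: {flags}
    Interface enabled: 2
    Virtual routers configured: 2
        In Init state 0
        In Backup state {backup}
        In Master state {master}"""
CHKPFW1 = TEMPLATE.format(flags="On", backup=0, master=2)
CHKPFW2 = TEMPLATE.format(flags="On,MonitorFirewall", backup=2, master=0)
CHKPFW2_BLOCKED = TEMPLATE.format(flags="On,MonitorFirewall", backup=0, master=2)


def parse_summary(text):
    """Return counters from `show vrrp summary` output (whitespace-tolerant)."""
    up = re.search(r"VRRP Router State:\s*(\S+)", text)
    total = re.search(r"Virtual routers configured:\s*(\d+)", text)
    states = {m.group(1).lower(): int(m.group(2))
              for m in re.finditer(r"In (Init|Backup|Master) state\s+(\d+)", text)}
    if not (up and total and len(states) == 3):
        raise ValueError("unrecognised 'show vrrp summary' output")
    return {"up": up.group(1) == "Up", "configured": int(total.group(1)), **states}


def check_pair(a_text, b_text):
    """Compare both members' summaries and return a list of findings."""
    a, b = parse_summary(a_text), parse_summary(b_text)
    findings = []
    if not (a["up"] and b["up"]):
        findings.append("vrrp-down")
    if a["configured"] != b["configured"]:
        findings.append("vrid-count-mismatch")
    if a["init"] or b["init"]:
        findings.append("stuck-in-init")
    # Count-based: the summary has no per-VRID detail, so this assumes both
    # members carry the same set of virtual routers.
    masters = a["master"] + b["master"]
    if masters > a["configured"]:
        findings.append("master/master")   # some VRID is owned by both members
    elif masters < a["configured"]:
        findings.append("no-master")
    return findings


if __name__ == "__main__":
    print(check_pair(CHKPFW1, CHKPFW2))          # healthy pair
    print(check_pair(CHKPFW1, CHKPFW2_BLOCKED))  # advertisements blocked
```

Feed it the text captured from clish -c "show vrrp summary" on each member; an empty list means every configured virtual router has exactly one master.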


Verify that your VRRP backup address is in effect. It will NOT show up in ifconfig output. Also, you cannot ping the backup-addresses in Gaia like you could in IPSO.

[Expert@chkpfw1]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:0c:29:d8:3e:56 brd ff:ff:ff:ff:ff:ff
   inet 172.16.31.9/28 brd 172.16.31.15 scope global eth0
   inet 172.16.31.11/28 brd 172.16.31.15 scope global secondary flags 10 eth0   <<< this line is the vrrp backup-address