CORRECT TEXT Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues.
Answer: fw tab -s -t connections
11 Comments on “CORRECT TEXT Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues.”
h3r3ticsays:
fw ctl pstat
How would viewing the connections table help troubleshoot sync? Whereas sk37030 utilizes fw ctl pstat to troubleshoot sync.
1
0
diman10says:
yeah 100% right need to be fw ctl pstat
1
0
ksays:
agree.
0
0
Eddiesays:
sk37030 utilizes fw debug fwd on/off to troubleshoot too. Why could not be it?
sk62570 say many commands to tshoot syncronization on ClusterXL:
cphaprob state
cphaprob -ia list
cpwd_admin list
ps auxwf
cpstat -f policy fw
fw ctl pstat
ls -l $FWDIR/state/__tmp/FW1
ls -l $FWDIR/state/local/FW1
cpvinfo $FWDIR/bin/fwd
on VSX : ls -l $FWDIR/state/__tmp/VSX
on VSX : ls -l $FWDIR/state/local/VSX
Can anyone explain better?
0
0
Vladsays:
As per question “Write the full >FW< command.." and from that list is the only one
0
0
Vladsays:
“fw ctl pstat” output has at the end sync status like this
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 454, retransmitted : 0, retrans reqs : 0, acks : 6
Sync packets received:
total : 827, were queued : 0, dropped by net : 0
retrans reqs : 0, received 24 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
Callback statistics: handled 19 cb, average delay : 1, max delay : 1
if you run “fw -d ctl setsync off ” and then “fw ctl pstat” it shows:
Sync: off
Had scenario where sync was on but it shows pretty much the same output as when sync is working but instead “Status: Able to Send/Receive sync packets” I had
“Status: Unable to Send sync packets”
“Status: Unable to Receive sync packets”
There could be more scenarios (last one was related to no license installed).
0
0
Catalinsays:
Running on both members
GaiaFW1> fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 17 53 20
-> You should have close ID numbers on both members
Running on both members
GaiaFW1
…
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 3426, retransmitted : 246, retrans reqs : 298, acks : 531
Sync packets received:
total : 1723, were queued : 568, dropped by net : 47
retrans reqs : 224, received 605 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
GaiaFW2
…
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 1851, retransmitted : 82, retrans reqs : 715, acks : 608
Sync packets received:
total : 3179, were queued : 701, dropped by net : 180
retrans reqs : 145, received 458 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
-> It’s difficult to interpret correctly the output
sk37029: Output of ‘fw ctl pstat’ command shows on both members under ‘Sync:’ that there is a huge discrepancy (or even zeros) in ‘total:’ under ‘Sync packets sent
In my case I have both members in sync and for me it is a huge discrepancy between numbers.
I think the right Check Point answer is (R75 style maybe)
fw ctl pstat
How would viewing the connections table help troubleshoot sync? Whereas sk37030 utilizes fw ctl pstat to troubleshoot sync.
1
0
yeah 100% right need to be fw ctl pstat
1
0
agree.
0
0
sk37030 utilizes fw debug fwd on/off to troubleshoot too. Why could not be it?
sk62570 say many commands to tshoot syncronization on ClusterXL:
cphaprob state
cphaprob -ia list
cpwd_admin list
ps auxwf
cpstat -f policy fw
fw ctl pstat
ls -l $FWDIR/state/__tmp/FW1
ls -l $FWDIR/state/local/FW1
cpvinfo $FWDIR/bin/fwd
on VSX : ls -l $FWDIR/state/__tmp/VSX
on VSX : ls -l $FWDIR/state/local/VSX
Can anyone explain better?
0
0
As per question “Write the full >FW< command.." and from that list is the only one
0
0
“fw ctl pstat” output has at the end sync status like this
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 454, retransmitted : 0, retrans reqs : 0, acks : 6
Sync packets received:
total : 827, were queued : 0, dropped by net : 0
retrans reqs : 0, received 24 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
Callback statistics: handled 19 cb, average delay : 1, max delay : 1
if you run “fw -d ctl setsync off ” and then “fw ctl pstat” it shows:
Sync: off
Had scenario where sync was on but it shows pretty much the same output as when sync is working but instead “Status: Able to Send/Receive sync packets” I had
“Status: Unable to Send sync packets”
“Status: Unable to Receive sync packets”
There could be more scenarios (last one was related to no license installed).
0
0
Running on both members
GaiaFW1> fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 17 53 20
-> You should have close ID numbers on both members
Running on both members
GaiaFW1
…
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 3426, retransmitted : 246, retrans reqs : 298, acks : 531
Sync packets received:
total : 1723, were queued : 568, dropped by net : 47
retrans reqs : 224, received 605 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
GaiaFW2
…
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 1851, retransmitted : 82, retrans reqs : 715, acks : 608
Sync packets received:
total : 3179, were queued : 701, dropped by net : 180
retrans reqs : 145, received 458 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
-> It’s difficult to interpret correctly the output
sk37029: Output of ‘fw ctl pstat’ command shows on both members under ‘Sync:’ that there is a huge discrepancy (or even zeros) in ‘total:’ under ‘Sync packets sent
In my case I have both members in sync and for me it is a huge discrepancy between numbers.
I think the right Check Point answer is (R75 style maybe)
0
1
fw tab -t connections -s
0
1
fw ctl pstat
1
0
fw ctl pstat is the correct answer.
1
0
I believe it’s fw ctl pstat
1
0