Big News🙂 FWHealth - Firewall Health Reporting Tool, is now 100% Free, Forever. Try it Now

KB000049- Management HA/Full HA Lagging Issue

Management HA/Full HA Lagging Issue

QOS Technology

Author: Siddana

*******************************************************

Symptoms:

 1. Management HA status shows “Lagging”

 2. When synchronizing manually, the status changes to 'Synchronized' and then to 'Lagging' after updating contracts. 

Solution:

Procedure A:

1. Stop the checkpoint services

#cpstop

2. Backup $FWDIR/conf/mgha directory

#cp $FWDIR/conf/mgha/*    /var/tmp

3. Delete the contents of $FWDIR/conf/mgha directory

#rm $FWDIR/conf/mgha/*

4. Backup CPMIL* and applications.C* files from $FWDIR/conf directory

#cp $FWDIR/conf/CPMIL*   /var/tmp

#cp $FWDIR/conf/applications.C*  /var/tmp

5. Remove CPMIL* and applications.C* files form $FWDIR/conf directory

#rm $FWDIR/conf/CPMIL*

#rm $FWDIR/conf/applications.C*

5. Start checkpoint services

#cpstart

If Procedure A doesn't solve the issue, then go with Procedure B

Procedure B:

->Open SmartUpdate and perform Contract Update (SmartUpdate > Licenses & Contracts > Update Contracts > From UserCenter...) 

->Check HA Synchronization status on SmartDashboard 

->If Contract Update makes is changing status to Lagging, please following below steps: 

1. Stop the checkpoint services

#cpstop

2. Backup the $FWDIR/conf/tables.C file

#cp $FWDIR/conf/tables.C   tables.C.bak

3. Add attribute mgmt_ha_opt to contracts table.

Search for table contracts

add the following line just after :private_lockable (false)

:mgmt_ha_opt (0x00000001)

This how it should like before the change:

= = = ==

)

: (contracts

:display_str (Contracts)

:table_clsid ("{4D998D0A-25DC-48f6-9677-8FAB0F991BF2}")

:db_clsid ("{C7E765A8-CBD2-4b04-9F7F-7EC61F4ECBB5}")

:file_name (contracts.c)

:archive_opt (0xfffffff9)

:read_permission (0x00000000)

:write_permission (0x00040000)

:read_permissions_list ("{all}")

:write_permissions_list ("{objects_database}")

:private_lockable (false)

:queries (

:all ("*")

)

)

= = = ==

That how it should look like after the change:

= = = ==

)

: (contracts

:display_str (Contracts)

:table_clsid ("{4D998D0A-25DC-48f6-9677-8FAB0F991BF2}")

:db_clsid ("{C7E765A8-CBD2-4b04-9F7F-7EC61F4ECBB5}")

:file_name (contracts.c)

:archive_opt (0xfffffff9)

:read_permission (0x00000000)

:write_permission (0x00040000)

:read_permissions_list ("{all}")

:write_permissions_list ("{objects_database}")

:private_lockable (false)

:mgmt_ha_opt (0x00000001)

:queries (

:all ("*")

)

)

= = = ==

4. Save the changes

5. Start the checkpoint services

#cpstart

NOTE: THE PROCEDURES SHOULD BE FOLLOWED ON BOTH THE MANAGEMENT SERVERS.

             PROCEDURE ‘A’ CAN BE USED FOR ANY OTHER MANAGEMENT SYNCHRONIZATION ISSUES.

-----------------

For additional help or business inquiry, you can always reach out to us at info@qostechnology.in

  • 50
  • 10-Oct-2019
  • 2110 Views