2 Replies Latest reply on Feb 9, 2014 3:54 AM by cyberz

    HA Questions - failover does not work anymore

    cyberz

      Hi,

       

      it is about two McAfee Firewalls 410F, Version 7.0.1.02, in HA, designate as primary/standby cluster.

      The failover has always worked, but after a reboot totay, both firewalls ar not longer connect "in HA".

       

      FW1                    169.254.200.2

      FW2                    169.254.200.3

      Failover-IP         169.254.200.1

       

      Both FW are directly connected, with a patch cable. I have rebooted both systems repeatedly

       

      ======================================================

      FW1

       

      fw1-master:Admn {5} % cf cluster status

       

                              HA Cluster Status Information                       

                              =============================                       

       

      Primary Host:        fw1-master.bcc.de                   

      Primary IP Address:  169.254.200.2                          

      Cluster Burb:        'failover'                             

      Cluster Cert:        'Default_Enterprise_Certificate'       

      Cluster CA:          'Default_Enterprise_CA'                

       

      Member Name          State         IP Address    

      -------------------- ------------- ---------------

      fw1-master.bcc.de registered    169.254.200.2 

      fw2-backup.bcc.de registered    169.254.200.3 

       

       

                            Policy and Peer Connection Status                     

                            =================================                     

       

      fw1-master.bcc.de (primary)

      --------------------------------

          Connection State  :  Localhost                              

          Policy Version    :  2112-1391709186.34-1391729592          

          FW Version        :  70102                                  

          Status            :  Up to date - Current                   

       

      fw2-backup.bcc.de (peer)

      ----------------------------

          Connection State  :  Not Connected                          

          Last Dispatch     :  Never dispatched                       

          Policy Version    :  Unknown                                

          FW Version        :  70102                                  

          Status            :  Lost Connection

       

      fw1-master:Admn {4} % ping 169.254.200.3

      PING 169.254.200.3 (169.254.200.3): 56 data bytes

      64 bytes from 169.254.200.3: icmp_seq=0 ttl=64 time=0.254 ms

      64 bytes from 169.254.200.3: icmp_seq=1 ttl=64 time=0.223 ms

      64 bytes from 169.254.200.3: icmp_seq=2 ttl=64 time=0.378 ms

      64 bytes from 169.254.200.3: icmp_seq=3 ttl=64 time=2.465 ms

      64 bytes from 169.254.200.3: icmp_seq=4 ttl=64 time=0.391 ms

       

      -------------------------------------------------------------------------------- ---------------------------------

      FW2

       

      fw2-backup:Admn {3} % cf cluster status

       

                              HA Cluster Status Information                       

                              =============================                       

       

      Primary Host:        fw1-master.bcc.de                   

      Primary IP Address:  169.254.200.2                          

      Cluster Burb:        'failover'                             

      Cluster Cert:        'Default_Enterprise_Certificate'       

      Cluster CA:          'Default_Enterprise_CA'                

       

      Member Name          State         IP Address    

      -------------------- ------------- ---------------

      fw1-master.bcc.de registered    169.254.200.2 

      fw2-backup.bcc.de registered    169.254.200.3 

       

       

                            Policy and Peer Connection Status                     

                            =================================                     

       

      fw1-master.bcc.de (primary)

      --------------------------------

          Connection State  :  Not Connected                          

          Last Dispatch     :  Never dispatched                       

          Policy Version    :  Unknown                                

          FW Version        :  70102                                  

          Status            :  Lost Connection                        

       

      fw2-backup.bcc.de (peer)

      ----------------------------

          Connection State  :  Localhost                              

          Policy Version    :  2106-1391708111.25-1391729583          

          FW Version        :  70102                                  

          Status            :  Up to date - Current

       

       

      fw2-backup:Admn {2} % ping 169.254.200.2 

      PING 169.254.200.2 (169.254.200.2): 56 data bytes

      64 bytes from 169.254.200.2: icmp_seq=0 ttl=64 time=0.409 ms

      64 bytes from 169.254.200.2: icmp_seq=1 ttl=64 time=0.228 ms

      64 bytes from 169.254.200.2: icmp_seq=2 ttl=64 time=0.239 ms

      64 bytes from 169.254.200.2: icmp_seq=3 ttl=64 time=0.228 ms

       

      Do you have a few helpful commandos or debugging options for me?

      showaudit -e -k?

      tcpdump?

       

      Many thanks!