Support Center > Search Results > SecureKnowledge Details
Some connections are dropped as out of state after failover in ClusterXL HA mode on 21000 appliances with SAM card
Symptoms
  • Some connections are dropped as out of state after failover in ClusterXL HA mode on 21000 appliances with SAM card.

  • SecureXL SIM debug on new Active member shows:

    ;fwconn_cphwd_get_acct_timeout: returned expiration_time = 20 (time is ...);
    ;fwconn_ent_expire: SXL/FLOWS decision: delay, new timeout=0, new ttl=20;
    ;cphwd_notif_conn_deleted: trying to delete conn
    
Cause

Check Point software implements a refresh mechanism on the accelerated connections when ClusterXL is configured in HA mode. This refresh mechanism ensures that the connections stay alive in both Active as well as Standby member. Refresh mechanism is active only on the Active cluster member and constantly (every 10 minutes) polls on a given connection to ensure there is activity on the connection. The response of this refresh request from accelerator device is periodically synchronized to Standby cluster member to make sure connection stays alive on Standby member as well.

Currently, upon failover, when a Standby member becomes Active, this refresh mechanism is not getting activated. As a result, the connections are getting deleted after a number of hours.


Solution
Note: To view this solution you need to Sign In .