Support Center > Search Results > SecureKnowledge Details
Reconfigure VSX Cluster member R77.10 Technical Level
Solution

Refer to the main sk97552 (VSX Reconfigure and Upgrade Matrix to R77.10 / R77.20).

 

When to use this procedure

  • After unrecoverable hardware or software failure.
  • Adding a new cluster member.

 

Procedure

Note: Renewable in the procedure below denotes a VSX cluster member, which should be reconfigured.

  1. Backup the involved machines at the same time:

    • Security Management Server / Multi-Domain Security Management Server
    • Renewable VSX cluster member

    Note: Refer to "Related Documentation" section below - "How to Backup".

  2. After a hardware failure on VSX machine, install replacement machine with identical hardware configuration.

  3. Perform clean installation of R77.10 on the Renewable VSX cluster member (refer to "Related Documentation" section below).

  4. Run Gaia First Time Configuration Wizard on the Renewable VSX cluster member (refer to sk71000 and sk69701).
    In case of recovery from a failure, you must use the same Management IP address as was used by the previous cluster member (prior to the failure).
    In case of adding new member, you will need to set the member IP address as specified in the 'vsx_util add_member' procedure.

  5. In case Bonding needs to be configured, then configure it now on the Renewable VSX cluster member. Refer to the R77 Gaia Administration Guide.

  6. If any hotfixes were installed, then install them on the Renewable VSX cluster member.
    For hotfix installation instructions, refer to the release notes that were provided with the hotfix, or contact Check Point Support.

  7. Set the version of CCP protocol to 5000 on the Renewable VSX cluster member (this will prevent the Renewable VSX cluster member from being 'Active' before the reconfigure process ends):

    1. Create the $FWDIR/boot/modules/fwkern.conf file (if it does not already exit):

      [Expert@HostName]# touch $FWDIR/boot/modules/fwkern.conf

    2. Edit the $FWDIR/boot/modules/fwkern.conf file in Vi editor:

      [Expert@HostName]# vi $FWDIR/boot/modules/fwkern.conf

    3. Add the following line (spaces are not allowed):

      fwha_version=5000

    4. Save the changes and exit from Vi editor.

    5. Check the contents of the $FWDIR/boot/modules/fwkern.conf file:

      [Expert@HostName]# cat $FWDIR/boot/modules/fwkern.conf


  8. This step applies only to R77.10 VSX Load Sharing (VSLS) cluster with exactly two members:

    Permanently disable hibernation (moving to "Backup" state) on the Renewable VSX cluster member - set the value of kernel parameter 'fwha_hibernate_single_member' to 0.

    Append the following line to the $FWDIR/boot/modules/fwkern.conf file using Vi editor (spaces are not allowed):

    fwha_hibernate_single_member=0

    Note: If this file does not exist, then create is using the 'touch' command.

  9. Install the required licenses on the Renewable VSX cluster member using cplic put command.

  10. Reboot the Renewable VSX cluster member.

  11. Start the reconfigure process on the Security Management Server / Main Domain Management Server.

    Run the 'vsx_util reconfigure' command and follow on screen instructions.

    Important Note: If you have vital configuration in Gaia OS / FireWall / SecureXL / CoreXL / etc. (e.g., Dynamic Routing, DHCP Relay, $FWDIR/boot/modules/fwkern.conf, $PPKDIR/boot/modules/simkern.conf, $FWDIR/conf/fwaffinity.conf, or any other special configuration), then do NOT reboot after the reconfigure operation. First, reconfigure the required Gaia OS settings in Clish, add the required settings in the configuration files, and only then reboot the machine.

  12. Set the version of CCP protocol on the Renewable VSX cluster member to the verion of currently Active cluster members:

    1. Edit the $FWDIR/boot/modules/fwkern.conf file in Vi editor:

      [Expert@HostName]# vi $FWDIR/boot/modules/fwkern.conf

    2. Delete the following line:

      fwha_version=5000

    3. Save the changes and exit from Vi editor.

    4. Check the contents of the $FWDIR/boot/modules/fwkern.conf file:

      [Expert@HostName]# cat $FWDIR/boot/modules/fwkern.conf

    5. Reboot the Renewable VSX cluster member.

 

Related Documentation

Show / Hide documentation

Documents:

 

Solutions:

 

How to Backup:

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment