Support Center > Search Results > SecureKnowledge Details
ClusterXL in High Availability mode fails over during policy installations due to missing CUL remote freeze notification
Symptoms
  • ClusterXL in High Availability mode fails over during policy installations.

  • SmartView Tracker logs show the following messages during policy installation:

    cluster_info: (ClusterXL) member X declared less interfaces up than previously known.
    cluster_info: (ClusterXL) member X (IP_Address) is down.
    cluster_info: (ClusterXL) member X (IP_Address) is down (Interface Active Check on member X (IP_Address) detected a problem (N interfaces required, only Z up).).
    cluster_info: (ClusterXL) member X (IP_Address) is up (Interface Active Check on member X (IP_Address) status OK.).
    cluster_info: (ClusterXL) member X (IP_Address) is up.
  • /var/log/messages file shows:

    kernel: [fwX_Y];FW-1: [CUL - Member] Policy Freeze mechanism disabled, Enabling state machine at N kernel: [fwX_Y];fwha_report_id_problem_status: Try to update state to FAILURE due to pnote Interface Active Check (desc member X (IP_Address) reports more interfaces up)
    kernel: [fwX_Y];fwha_report_id_problem_status: Try to update state to ACTIVE due to pnote Interface Active Check (desc <NULL>)
Cause

Cluster members do not install policy at the same exact time, and are not aware when the peer members install policy.

Cluster CUL freeze mechanism on cluster members does not send a remote freeze notification to peer cluster members. As a result, peer cluster members are not aware that the involved cluster member is currently installing the policy. This could lead to flappings/failovers during policy installation because Critical Device "Interface Active Check" reports its state as "problem" (due to missing CCP packets).


Solution
Note: To view this solution you need to Sign In .