Cluster object still appears in the MDS level after it was deleted from a domain
When the cluster object is deleted from a domain, its relevant representation in the MDS is not deleted because of a server exception. The cluster's representation in the MDS needs to be deleted with a dedicated command.
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
For other supported versions, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification, please collect CPinfo files from the Security Management Server and Security Gateways involved in the case.
Hotfix installation instructions:
Hotfix has to be installed on Security Management Server / Multi-Domain Security Management Server.
Note: In Management HA environment, this procedure must be performed on both Management Servers.
Using CPUSE - On Security Gateway / Management Server running Gaia OS:
Make sure to install the latest build of the CPUSE Agent.
Refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent):
- Section "(4-A-c)" / "(4-A-d)" - refer to import instructions for Offline procedure
- Section "(4-B-a)" - refer to installation instructions for Hotfixes
You can also use the sk111158 - Central Deployment Tool (CDT) to install this hotfix on Security Gateways.
Note: Reboot is required.
Using Legacy CLI - On Management Server running SecurePlatform/Linux/IPSO OS:
Note: You must be connected either over Console, or LOM card (SSH session could be disconnected). On VSX versions R77.30 and lower, the Gaia CPUSE does not support installation of hotfixes (refer to sk92449 - section "(2)" - "VSX Gateways").
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack and install the hotfix package:
[Expert@HostName]# cd /some_path_to_fix/
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
[Expert@HostName]# tar -zxvf fw1_wrapper_<HOTFIX_NAME>.tgz
Reboot the machine.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.