This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version
(upgrade Security Gateway / upgrade Security Management Server / upgrade Multi-Domain Security Management).
For R80.20 and R80.30, ClusterXL Load Sharing mode is available with the following Jumbo Hotfixes:
- ClusterXL in Load Sharing mode is not supported with IPSec VPN blade enabled (this limitation does not apply to VSX in VSLS mode)
- Jumbo Hotfix has to be installed both on Security Gateway and Security Management/Multi-Domain Management server.
- Starting from R80.20, the ccl_force_sticky kernel parameter must be set to 1 (in fwkern.conf) on all cluster members.
How to unblock ClusterXL Load Sharing mode on the Security Management:
Client side (Windows):
- Open system properties.
- In Advance tab click on "Environment Variables".
- Change ENABLE_CLUSTER_LOAD_SHARING_R80_20 variable to 1.
- Note: Exactly the same variable is used for versions R80.20 and above.
- Save changes.
- Restart your computer.
Server side (Management):
- Edit the cpm.sh file:
Go to the end of the file and find the last line with exec command: "exec $JAVA_HOME/bin/java ..."
Before that line add: export ENABLE_CLUSTER_LOAD_SHARING_R80_20=1
Save the change of the script
- For Security Management server file location is: $FWDIR/scripts/cpm.sh
- For Multi-Domain Management server file location is: $MDS_FWDIR/scripts/cpm.sh
Note: Both the environment variables, on the Windows client and on the Management server must be set.
sk101539 - ClusterXL Load Sharing mode limitations and important notes
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.