Controlling ISP Redundancy from CLI

You can control the ISP Redundancy behavior from CLI.

Force ISP Link State

Use the "fw isp_link" command to force the ISP link state to Up or Down State of a Cluster Member during a failure when one of the Critical Devices reports its state as "problem": In ClusterXL, applies to the state of the Security Gateway component; in 3rd-party / OPSEC cluster, applies to the state of the State Synchronization mechanism. A Cluster Member in this state does not process any traffic passing through cluster..

Use this to test installation and deployment, or to force the Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members to recognize the true link state if it cannot (the ISP link is down but the gateway sees it as up).

• You can run this command on the Cluster Members:

  fw isp_link <Name of ISP Link in SmartConsole> {up | down}

• You can run this command on the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:

  fw isp_link <Name of Cluster Member Object> <Name of ISP Link in SmartConsole> {up | down}

For more information, see the R80.40 CLI Reference Guide > Chapter Security Gateway Commands - Section fw - Section fw isp_link.

The ISP Redundancy Script

When the Cluster Member Security Gateway that is part of a cluster. starts, or an ISP link state changes, the $FWDIR/bin/cpisp_update script runs on the Cluster Member.

This script changes the default route of the Cluster Member.

Warning - We do not recommend that you make any changes in this script.