Configuring Chassis High Availability

Use these settings to configure Active/Standby Chassis.

Configuring Chassis Weights (Chassis High Availability Factors)

Each hardware component in a Chassis has a quality weight factor, which sets its relative importance to overall Chassis health.

For example, ports are more important than fans and are typically assigned a higher weight value.

The Chassis grade is the sum of all component weight values.

In a High Availability environment, the Chassis with the higher grade becomes Active and handles traffic.

The grade for each component is calculated based on this formula:

(Unit Weight) x (Number of components in the state "UP")

To see the weight of each component, run in Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Gateway Modules. Commands you run in this shell apply to all Security Gateway Module in the Security Group.:

asg stat -v

Description

Use the "set chassis high-availability factors" command to configure a hardware component's weight.

Syntax in Gaia gClish of the Security Group

set chassis high-availability factors sgm <SGM Factor>

set chassis high-availability factors port {other <Other Port Factor> | standard <Standard Port Factor> | mgmt <Management Port Factor> | bond <Bond Port Factor>}

set chassis high-availability factors sensor {cmm <CMM Factor> | fans <Fans Factor> | power_supplies <PSU Factor> | ssm <SSM Factor>}

Parameters

Parameter	Description
`<SGM Factor>`	Weight factor for a Security Group A logical group of Security Gateway Modules that provides Active/Active cluster functionality. A Security Group can contain one or more Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Member. Valid range: integer between 0 and 1000.
`<Other Port Factor>`	High grade port factor. Valid range: integer between 0 and 1000.
`<Standard Port Factor>`	Standard grade port factor. Valid range: integer between 0 and 1000.
`<Management Port Factor>`	Management port factor. Valid range: integer between 0 and 1000.
`<Bond Port Factor>`	Bond interface factor. Valid range: integer between 0 and 1000.
`<CMM Factor>`	Weight factor for a CMM. Valid range: integer between 0 and 1000.
`<Fans Factor>`	Weight factor for a fan unit. Valid range: integer between 0 and 1000.
`<PSU Factor>`	Weight factor for a Power Supply Unit Hardware component that supplies AC power with filtering and over-current protection. Acronym: PSU.. Valid range: integer between 0 and 1000.
`<SSM Factor>`	Weight factor for a SSM. This factor applies to all SSMs. Valid range: integer between 0 and 1000.

Examples

[Global] HostName-ch01-01 > set chassis high-availability factors sgm 100

[Global] HostName-ch01-01 > set chassis high-availability factors port other 70

[Global] HostName-ch01-01 > set chassis high-availability factors port standard 50

[Global] HostName-ch01-01 > set chassis high-availability factors sensor cmm 40

[Global] HostName-ch01-01 > set chassis high-availability factors sensor fans 30

[Global] HostName-ch01-01 > set chassis high-availability factors sensor power_supplies 20

[Global] HostName-ch01-01 > set chassis high-availability factors sensor ssm 45

Configuring the Chassis ID

You must make sure that the Chassis IDs are different before you start to configure the software.

Chassis IDs are configured on the CMM and should be 1 for the first Chassis and 2 for the second Chassis.

Important - If the Chassis is up and running, change the Chassis ID on the Standby Chassis. You must perform a Chassis failover.

Step

Instructions

Pull out the first CMM from the Chassis.

Connect to the remaining CMM with a serial cable (baud rate - 9600).

Edit the /etc/shmm.cfg file:

vi /etc/shmm.cfg

Search for:

SHMM_CHASSIS=

Set the correct Chassis ID:

For Chassis 1:

SHMM_CHASSID="1"

For Chassis 2:

SHMM_CHASSID="2"

Save the changes in the file and exit the editor.

Remove the current CMM and insert the second CMM.

Repeat Steps 2 - 6 for the second CMM.

Insert both CMMs into the Chassis.

Attach the correct identification labels to the Chassis and CMMs.

This step is required if the Chassis has already been configured (after the First Time Configuration Wizard).

Pull out all SGMs from the Chassis.

Insert all SGMs into the Chassis.

Important - This step causes a hard reboot of the Chassis.

Configuring the Quality Grade Differential

Description

Use the "set chassis high-availability failover" command in Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish to set the minimum quality grade differential that causes a failover.

Syntax in Gaia gClish of the Security Group

set chassis high-availability failover <Trigger>

Parameters

Parameter	Description
`<Trigger>`	Minimum difference in Chassis quality grade to trigger a failover. Valid range: Integer between 1 and 1000.

Parameter

Description

<Trigger>

Minimum difference in Chassis quality grade to trigger a failover.

Valid range: Integer between 1 and 1000.

Configuring the Failover Freeze Interval

Description

A Standby Chassis cannot failover a second time until the specified failover freeze interval expires.

The default failover freeze interval is:

For the "Active Up" chassis configuration - 30 seconds
For the "Primary Up" chassis configuration - 150 seconds
For VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Virtual System Load Sharing (VSLS) configuration - 150 seconds

If the Standby Chassis grade changes to a value greater than the minimum quality grade gap for a failover, the Standby Chassis fails over and becomes a new Active.

The failover does not start until the freeze interval expires. This confirms that the Standby Chassis quality grade is stable, before it becomes a new Active.

For example, a Standby Chassis quality grade can become unstable if a fan speed increases and decreases frequently.

Syntax in Gaia gClish of the Security Group

set chassis high-availability freeze_interval <Freeze Interval>

Parameters

Parameter	Description
`<Freeze Interval>`	Minimum time in seconds to wait until the next Standby Chassis failover. Valid range: integer between 1 and 1000.

Parameter

Description

<Freeze Interval>

Minimum time in seconds to wait until the next Standby Chassis failover.

Valid range: integer between 1 and 1000.

Notes:

When you run the "asg stat" command after Standby Chassis failover, the output shows the freeze time.
The <Freeze Interval> value is 5 fold greater, if the setup is configured to work in VSLS or "Primary Up" mode.

Example: If the freeze time must be 250 seconds, you must enter the value 50.

Configuring the Chassis Priority

After you configure the High Availability with the "set chassis high-availability mode 1" command (see How Active/Standby Mode Works), you must configure the chassis priority:

set chassis high-availability vs chassis_priority "<ID of Primary Chassis> <ID of Secondary Chassis>"

Example - set Chassis 2 to be the Primary over Chassis 1:

[Expert@HostName-ch0x-0x:0]# gclish

[Global] HostName-ch01-01 > set chassis high-availability vs chassis_priority "2 1"

[Global] HostName-ch01-01 >