Module 'cluster' (ClusterXL)

Syntax

On the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / each Cluster Member Security Gateway that is part of a cluster., run in the Expert mode:

fw ctl debug -m cluster + {all | <List of Debug Flags>}

On the Scalable Platform Security Group, run in the Expert mode:

g_fw ctl debug -m cluster + {all | <List of Debug Flags>}

Notes:

To print all synchronization operations in Check Point cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. in the debug output, enable these debug flags:
- The debug flag "sync" in Module 'fw' (Firewall)
- The debug flag "sync" in Module 'CPAS' (Check Point Active Streaming)

To print the contents of the packets in HEX format in the debug output (as "FW-1: fwha_print_packet: Buffer ..."), before you start the kernel debug, set this kernel parameter on each Cluster Member / the applicable Scalable Platform Security Group:

On the Security Gateway / each Cluster Member, run in the Expert mode:

fw ctl set int fwha_dprint_io 1

On the Scalable Platform Security Group, run in the Expert mode:

g_fw ctl set int fwha_dprint_io 1

To print all network checks in the debug output, before you start the kernel debug, set this kernel parameter on each Cluster Member:

On the Security Gateway / each Cluster Member, run in the Expert mode:

fw ctl set int fwha_dprint_all_net_check 1

On the Scalable Platform Security Group, run in the Expert mode:

g_fw ctl set int fwha_dprint_all_net_check 1

Flag

Description

arp

ARP Forwarding (see sk111956)

autoccp

Operations of CCP in Auto mode

ccp

Reception and transmission of Cluster Control Protocol (CCP) packets

cloud

Replies to the probe packets in CloudGuard IaaS

conf

Cluster configuration and policy installation

correction

Correction Layer

cu

Connectivity Upgrade (see sk107042)

drop

Connections dropped by the cluster Decision Function (DF) module (does not include CCP packets)

forward

Forwarding Layer messages (when Cluster Members send and receive a forwarded packet)

if

Interface tracking and validation (all the operations and checks on interfaces)

ifstate

Interface state (all the operations and checks on interfaces)

io

Information about sending of packets through cluster interfaces

log

Creating and sending of logs by cluster

Note - In addition, enable the debug flag "log" in Module 'fw' (Firewall).

mac

Current configuration of and detection of cluster interfaces

Note - In addition, enable the debug flags "conf" and "if" in this debug module

mmagic

Operations on "MAC magic" (getting, setting, updating, initializing, dropping, and so on)

msg

Handling of internal messages between Cluster Members

multik

Processing of connections in CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances

Notes:

osp

Only for Scalable Platforms:

Distribution of connections between Security Group Members

pivot

Operation of ClusterXL in Load Sharing Unicast mode (Pivot mode)

pnote

Registration and monitoring of Critical Devices (pnotes)

select

Packet selection (includes the Decision Function)

smo

Only for Scalable Platforms:

Processing of connections on the SMO Security Group Member

stat

States of cluster members (state machine)

subs

Subscriber module (set of APIs, which enable user space processes to be aware of the current state of the ClusterXL state machine and other clustering configuration parameters)

timer

Reports of cluster internal timers

trap

Sending trap messages from the cluster kernel to the RouteD daemon about Master change

unisync

Only for Scalable Platforms:

Unicast Sync - synchronization of connections to backup Security Group Members on the local Maestro Site / Scalable Chassis and to one Security Group Member one the standby Maestro Site / Scalable Chassis