set the origin filter to the two firewalls in question
set the filter on the message type column it has an icon for a log file or wrench etc
untick everything except control (wrench) (search for type:Control)
You can also try searching the information column for ClusterXL
on the CLI
cphaprobe state
cphaprobe -a if
cphaprob show_failover
I got a reason FWD PNOTE (so grep log for this)
grep -i FWD /var/log/messages*
https://community.checkpoint.com/t5/Security-Gateways/Reason-for-Firewall-Failover/td-p/157345
https://support.checkpoint.com/results/sk/sk56202
No comments:
Post a Comment