When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster
members have the same products installed. Which command should you run?
A.
fw fcu
B.
cpconfig
C.
cphaprob fcustat
D.
fw ctl conn –a
Which command should you run?
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster
members have the same products installed. Which command should you run?
I think this should be B. cpconfig
from what I understand cpconfig can show, but you would need to enter credentials after cpconfig, when you could just run “fw ctl conn -a” to show currently registered connection modules.
D
sk41023
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41023
Solution
Follow these steps to identify the root cause and to resolve the issue:
1.Make sure the configuration is identical on all cluster members
A.Run ‘cpconfig’ – you should see identical output
B.Run ‘rpm -qa’ – you should see identical output
C.Run ‘cpwd_admin list’ – you should see identical output
D.Run ‘ps auxwf’ – you should see identical output (the same major daemons must run on all members)
E.Compare the $CPDIR/registry/HKLM_registry.data files between the members – except for UIDs, the configuration must be identical, especially in ‘: (Products’ section (consult Check Point Support)
F.Run ‘fw ctl chain’ – the list of Chain Modules must be identical (names and order)
G.Run ‘fw ctl conn -a’ – the list of Connection Modules must be identical (names and order)
H.Run ‘fw tab -s’ – list of kernel tables must be identical
I.On Nokia IPSO – check the list of installed and enabled packages in Nokia Voyager – ‘Manage Installed Packages’
2.Make sure that the same policy is installed at the same time on all cluster members:
A.Make sure all cluster members are up and running in the correct state: cphaprob state
B.Install the policy from SmartDashboard
3.Reboot both cluster members (start with Standby). Obviously, it will cause a fail-over and should be carried out during a maintenance window.
If none of the above steps help, most probably, the problematic member (which has less Modules) will need to be reinstalled.
The following error appears on the console and in /var/log/messages files during cluster Full Sync operation:
fwsync: there is a different installation of Check Point’s products on each member of this cluster
This can be verified using ‘fw ctl conn -a’ and ‘fw tab -s’
Sync might fail. It is strongly recommended to fix this problem
Man this is still IPSO 🙁
If we based it on IPSO release then answer is D
REFERENCE: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk39041
D. fw ctl conn –a
I agree with FriedBacon.