State synchronization was turned off only in the Check Point management GUI.
Policy was pushed to the Gateways.
Traffic outage was experienced.
After such a reconfiguration step, there will be a discrepancy between the configured High Availability (HA) status and the runtime status. Consequently, the application status will be reported as "Down" on the VAP member:
# /crossbeam/apps/app_status -v
cpd is RUNNING
fwd is RUNNING
HA is NOT READY
Reporting application state: DOWN
This is expected behavior. The XOS application monitor verifies whether HA status is enabled at installation time. If you plan to disable state synchronization, HA must be disabled in the Check Point application.
From the XOS CLI, execute the following commands:
# application cpsg vap-group fw configure
…
Check Point Security Gateway Configuration Menu
1. Licenses
2. SNMP Extension
3. Secure Internal Communication
4. High Availability/State Synchronization
<...>
9. Exit
Enter choice : 4
…
High Availability/State Synchronization is enabled.
Do you want High Availability/State Synchronization to remain enabled? [y]:n
Please note that the list of menu items and their numbering may differ slightly depending on the Check Point application and version.
Disabling "High Availability/State Synchronization" will not affect the VRRP chassis state, but the HA status will change to "disabled" at the VAP member level:
# /crossbeam/apps/app_status -v
cpd is RUNNING
fwd is RUNNING
=== >> HA is DISABLED <<===
Reporting application state: UP
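As an added example (not part of the original article or of XOS), the shell function below classifies app_status -v output into the two states shown above, so that a monitoring job can tell a DOWN caused by the HA mismatch from other failures. The function name, the result labels and the availability of awk where it runs are assumptions; the sample text is transcribed from the outputs in this article.

```shell
#!/bin/sh
# Added example: classify `app_status -v` output read from stdin.
# Result labels (hypothetical, chosen for this example):
#   UP               application reported UP
#   UP_HA_DISABLED   application UP and HA disabled in the application
#   DOWN_HA_MISMATCH application DOWN only because HA is NOT READY
#   DOWN_OTHER       application DOWN for another reason
#   UNPARSED         no "Reporting application state" line was found
classify_app_status() {
    awk '
        # Drop emphasis markers such as "=== >>" and trim whitespace.
        { gsub(/[=<>]/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^Reporting application state:/ { state = $NF; next }
        /^[A-Za-z_]+ is / {
            name = $1
            status = $0
            sub(/^[A-Za-z_]+ is /, "", status)
            if (name == "HA") ha = status
            else if (status != "RUNNING") other_bad = 1
        }
        END {
            if (state == "UP") {
                if (ha == "DISABLED") print "UP_HA_DISABLED"
                else print "UP"
            } else if (state != "DOWN") {
                print "UNPARSED"
            } else if (ha == "NOT READY" && !other_bad) {
                print "DOWN_HA_MISMATCH"
            } else {
                print "DOWN_OTHER"
            }
        }
    '
}

# Sample outputs transcribed from this article, one status per line.
SAMPLE_MISMATCH='cpd is RUNNING
fwd is RUNNING
HA is NOT READY
Reporting application state: DOWN'
SAMPLE_DISABLED='cpd is RUNNING
fwd is RUNNING
=== >> HA is DISABLED <<===
Reporting application state: UP'

# On a VAP member the input would come from: /crossbeam/apps/app_status -v
printf '%s\n' "$SAMPLE_MISMATCH" | classify_app_status
printf '%s\n' "$SAMPLE_DISABLED" | classify_app_status
```

A DOWN_HA_MISMATCH result after a policy push points to the condition described in this article: state synchronization was turned off in the management GUI while HA remained enabled in the application.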
Imported Document ID: 000027413