There are several reasons to force a failover on a firewall cluster (in this case a virtual system on a 2 node Checkpoint VSX cluster). For example, testing, analyzing or maintenance purposes.
First of all, we can check the cluster and virtual systems states by executing the command on the VS0 (on Gaia clish or expert mode):
[Expert@vsx1:0]# cphaprob state
Cluster Mode: Virtual System Load Sharing
Number Unique Address Assigned Load State
1 (local) 10.5.5.20 100% Active
2 10.5.5.30 0% Standby
Cluster name: CLUSTER_VSX
Virtual Devices Status on each Cluster Member
ID | Weight| VSX1 | VSX2
| | [local] |
------+-------+-----------+-----------
1 | 10 | Active | Standby
2 | 10 | Standby | Active
5 | 10 | Active | Standby
--------------+-----------+-----------
Active | 2 | 1
Weight | 20 | 10
Weight (%) | 66 | 34
As we can see, VS1 and VS5 are in "Active" state on the VSX1.
The VS2 is "Active" on the VSX2.
If we need to "move" VS5 to VSX2, we can enter as expert mode on VSX1 and change to VS5 command environment by executing:
[Expert@vsx1:0]# vsenv 5
Context is set to Virtual Device VSX1_FIREWALL3 (ID 5).The prompts is informing us that now we are connected in expert mode to VSX2, VS5. Lets see again the state of the VS5 (when in VS0 we have seen the state of all VS together)
[Expert@vsx1:5]# cphaprob state
Cluster Mode: Virtual System Load Sharing
Number Unique Address Assigned Load State
The command clusterXL_admin allows us to disable a VS on one of the VSX nodes. This way the VS can be forced to become active on the other VSX node.
In this case, we are forcing VS5 to become active on the VSX2 node:
[Expert@vsx1:5]# clusterXL_admin down
Setting member to administratively down state ...
Member current state is Down
[Expert@vsx1:5]# cphaprob state
Cluster Mode: Virtual System Load Sharing
Number Unique Address Assigned Load State
VS5 is now Active on VSX2
To rollback to the previous state:
[Expert@vsx1:5]# clusterXL_admin up
Setting member to normal operation ...
Member current state is Active
[Expert@vsx1:5]# cphaprob state
Cluster Mode: Virtual System Load Sharing
Number Unique Address Assigned Load State
