Manual Failover in Checkpoint Firewall ClusterXL

I was trying to do a controlled failover in a Checkpoint Firewall ClusterXL environment and found the Checkpoint expert command clusterXL_admin in sk55081.

$FWDIR/bin/clusterXL_admin is a special shell script that not only makes the task of adding a new Critical Device easier, but also checks the change in the member's state and gives the user feedback.

This script registers a Critical Device called "admin_down".

The syntax for bringing the cluster member Down is:
[Expert@HostName]# clusterXL_admin down [-p]

The syntax for bringing the cluster member Up is:
[Expert@HostName]# clusterXL_admin up [-p]

[-p] - optional flag, stands for "permanent" - operation will survive the reboot.

Also, the Expert Mode post on CCMA#40's blog has more details on some other commands that force a failover (cluster/VRRP).

Here is a usage example in my environment:

CP-DMZ> cphaprob stat

Cluster Mode:   New High Availability (Active Up) with IGMP Membership

Number     Unique Address  Assigned Load   State

1 (local)                  0%              Down
2                          100%            Active

CP-DMZ> expert
Enter expert password:
You are in expert mode now.

[Expert@CP-M-DMZ]# clusterXL_admin up -p

Setting member to normal operation ...

Member current state is Standby
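
A pre-check that can be run before clusterXL_admin down on a High Availability pair, parsing the cphaprob stat layout shown above. This is an added example, not part of sk55081 or the original post; the function names, the verdict strings and the sample output (including the 192.0.2.x addresses) are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-check before `clusterXL_admin down` on an HA pair.
# Function names and sample data are constructed for illustration.

# Reduce `cphaprob stat` text (stdin) to one "local|peer STATE" line per member.
# The state is the field that follows the "Assigned Load" percentage.
member_states() {
    awk '$1 ~ /^[0-9]+$/ {
        role = ($2 == "(local)") ? "local" : "peer"
        for (i = 2; i < NF; i++)
            if ($i ~ /%$/) { print role, $(i + 1); break }
    }'
}

# Print a verdict and exit 0 only when this member is Active and a peer is
# Standby, i.e. a healthy peer can take over once "admin_down" is registered.
# States are compared case-insensitively.
failover_precheck() {
    member_states | awk '
        $1 == "local" { l = $2 }
        $1 == "peer" && toupper($2) == "STANDBY" { standby++ }
        END {
            if (l == "")                { print "no-local-member"; exit 2 }
            if (toupper(l) != "ACTIVE") { print "local-is-" l; exit 1 }
            if (!standby)               { print "no-standby-peer"; exit 1 }
            print "ok"
        }'
}

# Constructed sample: healthy pair, local member carrying the load.
HEALTHY='Cluster Mode:   New High Availability (Active Up)
Number     Unique Address  Assigned Load   State
1 (local)  192.0.2.1       100%            Active
2          192.0.2.2       0%              Standby'

# Constructed sample: the peer is Down, so no healthy member can take over.
NO_PEER='Number     Unique Address  Assigned Load   State
1 (local)  192.0.2.1       100%            Active
2          192.0.2.2       0%              Down'

echo "healthy pair: $(printf '%s\n' "$HEALTHY" | failover_precheck)"
echo "peer down:    $(printf '%s\n' "$NO_PEER" | failover_precheck)"

# On a gateway in expert mode (not run here):
#   cphaprob stat | failover_precheck && clusterXL_admin down
```

Fed the output at the top of the usage example (local member Down, peer Active), the check prints local-is-Down, because that member has already handed over.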

