This article is imported from packetattack.org, a technical blog I maintained before planting my flag at packetpushers.net. I’ll be moving the most popular blog posts from packetattack.org to packetpushers.net in the coming weeks.
I’ve spent the last couple of weeks playing catch up on e-mail: organizing, filing, and mostly deleting. This is a nugget I saved while working on an issue with Check Point. This explains simply how to force the failover and failback of cluster members within a firewall high availability pair.
Here’s what I asked Check Point support and their response, including their screenshots.
Q: I would like to be able to force the ClusterXL members to failover and failback, but I cannot find how to do this. Is there a command or GUI tool option that would allow me to control which ClusterXL member is active?
A: You can change the active node in the Cluster Member section of the object:
By changing the priority and then pushing policy the nodes will failover. Also be sure of the below on the behavior during a failover.
This can also be accomplished via command line as well if needed.