Hi
Using NG FP3 HFA313 on 2 Nokias IP330 IPSO 3.6 FCS4 as VRRP Cluster Sync
Interfaces eth-s4 5.25.25.4/30 connected over a seperate VLAN, not
cross-cable
I'm getting these messages on the master firewall:
Jun 27 16:29:40 fw1 [LOG_CRIT] kernel: FW-1:
fwldbcast_update_block_new_conns: sync in risk: did not receive ack for
the last 1172 packets. Jun 27 16:29:40 fw2 [LOG_CRIT] kernel: FW-1: It
is recommended to set the global parameter fw_sync_block_new_conns to 0.
Sync seems OK:
fw1[admin]# cphaprob state
Working mode: Service
Number Unique Address State
1 (local) 5.25.25.5 active
2 5.25.25.6 active
What does this error mean and where do I find this
fw_sync_block_new_conns parameter?
Thanks for your help
mit Begeisterung, with enthusiasm
Samuel Wuethrich
Manager Technology
ISPIN AG
Grindelstrasse 15
CH-8303 Bassersdorf
Tel. +41 1 838 31 11
Fax. +41 1 838 31 12
Web. www.ispin.ch
samuel.wuethrich AT ispin DOT ch
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
