Sandra,
You might wanna check if the sync protocols (xslate and others) are allowed
between the cluster members. If they are not the traffic information is not
synchronized between them and there is no garantee that they know what
traffic is going through what firewall. The result is an unexpected drop of
legitimate packets as out of state.
You should check this doc:
http://www.digitalmigrations.com/Clustering_%20NG-AI.pdf. It is a very good
manual on how to install the solution.
Good luck!
Daniel Accioly Rosa, CISSP CCSE
Consultant
Global Infrastructure Services
Phone :55+(21) 3804-5110
Net : 692-5110
UNISYS Imagine it. Done.
This message, including its attachments, is confidential and its contents
are restricted to the addressee. If you have received this message by
accident, please discard its contents by removing it from your mailbox. Any
unauthorized use of this message, replication or dissemination is expressly
prohibited. Unisys is not responsible for the content or reliability of this
information..
-----Original Message-----
From: Sandra Iveth Amador Garcia [mailto:sandra.amador AT ISF.COM DOT MX]
Sent: domingo, 31 de agosto de 2003 11:58
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] IP Clustering Issue
Importance: High
Greets !
Hi Gurus, this is the enviroment:
2 Nokia IP 380, Using IPSO 3.7 B 23, Checkpoint AI.
Distributed Installation, just one smarcenter sever.
We have implemented, a Nokia IP Clustering, without problems in the
configuration
Have finished the proccess, and the master and the member works fine,
but we have a problem,
1) The external segment cannot communicate whit the internal network, in
the smartview tracker
the packets are dropped by anti spoofing feature, but we don´t
understand the reason, because the topology
is the same that we are using just one Appliance and it works great,
but with the cluster enabled it does
not.
Any suggestion?
Thanks :)
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
