Firewall-1

Re: [FW-1] Problems with VPN and AI R55 in IPSO 530 with Cluster

Subject: Re: [FW-1] Problems with VPN and AI R55 in IPSO 530 with Cluster
From: Alex Mandina <alexandre.mandina AT LIGHT.COM DOT BR>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 27 Jan 2004 20:19:20 -0200
Kevin,

Thanks for the advice, however we had to enter CPCONFIG and activate the
"Enable Checkpoint Cluster XL and State Synchronization" and the "Would you
like to enable the High Availability module" options.

I don't know why they were not set after the upgrade.

Thanks,

Alex



From:     Kevin.J.Nevala@gtservicing.com
To:       alexandre.mandina AT LIGHT.COM DOT BR
cc:
Date:     27/01/2004 15:38
Subject:  Re: [FW-1] Problems with VPN and AI R55 in IPSO 530 with Cluster

Alex,

I know this may sound stupid, but check your Nokia Cluster config.  I had
to switch from Multicast to forwarding.  For some reason the Cisco 3548's in
front, behind, and on the sides did not like the multicast coming from the
IP 530's.  Once I switched to Forwarding in the cluster I was able to hit
the virtual addresses.

You can check the clustering by stopping the FW services (fwstop) and pinging
the virtual address.  Make sure your Internet side isn't plugged in as this
will leave you WIDE open.

For what it's worth,

kevin




From:     Alex Mandina <alexandre.mandina@LIGHT.COM.BR>
Sent by:  Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To:       FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc:
Date:     01/27/2004 10:27 AM
Subject:  [FW-1] Problems with VPN and AI R55 in IPSO 530 with Cluster
Please respond to Mailing list for discussion of Firewall-1

Hi,

We had the following configuration:

Two Nokia IP530 boxes with VRRP, IPSO 3.6 FCS7 and NG FP3. The VPN worked
fine.

We removed one of the IP 530 boxes, installed another manager with AI R55
and imported the FP 3 configuration. The IP530 was upgraded to IPSO 3.7
release 32 and AI R55. The installation and functionality of firewall, VPN
and Floodgate were all OK.

The problem began when we configured and activated the Cluster in the
IP530, the VPN stopped responding and we got an "Error Communicating with
Gateway" message on all VPN clients. The firewall and Floodgate functions
kept working fine. If we remove the Cluster configuration the VPN starts
working again.

The other IP530 box was left unchanged, and we are using it (NG FP3) at
this moment.

Thanks,

Alex Mandina

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
