Use the iclid command from the shell
At the iclid prompt run the following commands
Sh vrrp - This command, fun on both boxes, will reveal the state of the
interfaces on each of the Firewalls. On the primary, all interfaces
should be in Master state. The secondary, should have all interfaces in
Backup state.
If the secondary FW has any interfaces in Master, run the "sh vrrp int"
command. It will show which interface thinks that its master. You'll
then need to go back and inspect your VRRP configurations for the
particular interface.
Hope this helps.
-K
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
J.Ayoola
Sent: Friday, June 25, 2004 11:13 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VRRP problem
Hi,
I have got a problem with my secondary box and in summary, I have 2 IP
530 running IPSO 3.7, NG FP3 HFA 325 configured with VRRP for failover.
For some unknown reason, the external interface on the secondary box
keeps assuming the role of the master even though the primary box is
active.
This is causing me no end of grief as packets are being routed between
the 2 boxes.
There has been not change to the network topology and I am at my wits
end running on one box at the moment. I had to disable the secondary
box for my sanity but I would appreciate any help in resolving this
problem.
Judie
********************************************
Judie Ayoola
Network Security Officer
ISLS
University of Westminster
115 New Cavendish St
London W1W 6UW
Tel: 0207 9115000 ext 3691
Mobile: 07968 980414
Fax: 0207 9115093
E-mail: J.Ayoola AT Westminster.ac DOT uk
********************************************
This e-mail and its attachments are intended for the above named only
and may be confidential. If they have come to you in error you must not
copy or show them to anyone, nor should you take any action based on
them, other than to notify the error by replying to the sender.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
