Check to see what the "Priority" is on the two boxes. Chances are the
priority on the second box is higher than the priority of the first. If
that isn't the problem, then check the "Priority Delta", and make sure
that both boxes have the same Priority Delta, but that the primary has a
higher Priority. Also, make sure that the priority delta is sufficient
to bring up the second box should the first fail.
Example:
Primary: Priority 100 Priority Delta 10
Secondary: Priority 95 Priority Delta 10
Good luck
Rob
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
J.Ayoola
Sent: Friday, June 25, 2004 12:13 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VRRP problem
Hi,
I have got a problem with my secondary box and in summary, I have 2 IP
530 running IPSO 3.7, NG FP3 HFA 325 configured with VRRP for failover.
For some unknown reason, the external interface on the secondary box
keeps assuming the role of the master even though the primary box is
active.
This is causing me no end of grief as packets are being routed between
the 2 boxes.
There has been not change to the network topology and I am at my wits
end running on one box at the moment. I had to disable the secondary
box for my sanity but I would appreciate any help in resolving this
problem.
Judie
********************************************
Judie Ayoola
Network Security Officer
ISLS
University of Westminster
115 New Cavendish St
London W1W 6UW
Tel: 0207 9115000 ext 3691
Mobile: 07968 980414
Fax: 0207 9115093
E-mail: J.Ayoola AT Westminster.ac DOT uk
********************************************
This e-mail and its attachments are intended for the above named only
and may be confidential. If they have come to you in error you must not
copy or show them to anyone, nor should you take any action based on
them, other than to notify the error by replying to the sender.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
