Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] FLAPPING CROSSOVER

from Previtera, Sal [Permanent Link]
Subject: Re: [FW-1] FLAPPING CROSSOVER
From: "Previtera, Sal" <Sal.Previtera AT WTH DOT ORG>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 17 Sep 2004 07:50:15 -0500 
The default is multicast...
I went crazy try to figure out why the Checkpoint multicast and Cisco even
Linksys switch would not work correctly with multicast, when turned on the
gateways with Cluster XL... Finally gave up and changed to broadcast after
calling in support.

-----Original Message-----
From: colin [mailto:colinchoo AT MTECHPRO DOT COM]
Sent: Friday, September 17, 2004 1:07 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] FLAPPING CROSSOVER

Hi ,
I'm curious, what is the default mode SPLAT HA is in broadcast or multicast?


Colin Choo
>> -----Original Message-----
>> From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
>> MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Previtera, Sal
>> Sent: Friday, September 17, 2004 1:39 AM
>> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> Subject: Re: [FW-1] FLAPPING CROSSOVER
>>
>> The problem is multicast and the type of Switch you are using
>> Try Broadcast instead, at the firewalls (both of them) issue the
>> following
>> commands;
>>
>> cphaconf set_ccp broadcast   (change to broadcast mode)
>>
>> cphaprob -a if  (see if all interface are using broadcast)
>>
>> If you do want to use broadcast, then you have to figure out why the
>> multicast version of Checkpoint and the Switch Vendor version are
>> incompatible.
>>
>>
>>
>> -----Original Message-----
>> From: Torkel Mathisen [mailto:Torkel.Mathisen AT ERGO DOT NO]
>> Sent: Thursday, September 16, 2004 10:03 AM
>> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> Subject: Re: [FW-1] FLAPPING CROSSOVER
>>
>> Hi
>>
>> We also got some problems with flapping crossover or atleast
>> clusterxl.
>>
>> It may or not be the same problem as this.
>>
>> In our log we see this all the time:
>>
>> cluster_info: (ClusterXL) Interface Active Check on member 2
>> (10.254.254.2)
>> detected a problem (5 interfaces required, only 4 up).
>> cluster_info: (ClusterXL) interface eth3 of member 2 (10.254.254.2) is
>> down
>> (receive down, transmit down)
>> cluster_info: (ClusterXL) Interface Active Check on member 2
>> (10.254.254.2)
>> status OK.
>> cluster_info: (ClusterXL) member 2 (10.254.254.2) is up.
>> cluster_info: (ClusterXL) member 2 (10.254.254.2) is standby.
>> cluster_info: (ClusterXL) interface eth3 of member 2 (10.254.254.2) is up
>>
>> A bit futher down (or just a little bit before, depending on
>> how you look at it) we get:
>> cluster_info: (ClusterXL) member 2 (10.254.254.2) is down.
>>
>> Note that the sync-interface is NOT eth3 so it actually reports
>> down on another interface.
>>
>> You see something like that in your logs Annette?
>>
>> And does anyone have an idea?
>>
>> Cluster running SPLAT R55 121 with Checkpoint HA only.
>> Interfaces is Intel e1000 which is autonegotiated to 1000 full.
>>
>> Regards,
>> Torkel
>>
>>
>> > -----Original Message-----
>> > From: GoddardM AT SCHNEIDER DOT COM [mailto:GoddardM AT SCHNEIDER DOT COM]
>> > Sent: 15. september 2004 15:31
>> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> > Subject: Re: [FW-1] FLAPPING CROSSOVER
>> >
>> >
>> > Are you running ClusterXL, or other? What OS? There are quite
>> > a few bugs I
>> > know of in just ClusterXL alone with synch...
>> > Perhaps I may be able to help you. Let the mailing list know. :-)
>> >
>> >
>> > Regards,
>> > Matt Goddard
>> > Security Information Team
>> > Schneider National
>> > 920-592-4787
>> > goddardm AT schneider DOT com
>> >
>> >
>> >
>> > |---------+-------------------------------------------->
>> > |         |           "Garner, Annette K **BETH"       |
>> > |         |           <KAGarner AT ARCHCHEMICALS DOT COM>     |
>> > |         |           Sent by: Mailing list for        |
>> > |         |           discussion of Firewall-1         |
>> > |         |           <FW-1-MAILINGLIST AT AMADEUS.US DOT CHEC|
>> > |         |           KPOINT.COM>                      |
>> > |         |                                            |
>> > |         |                                            |
>> > |         |           09/15/2004 06:18 AM              |
>> > |         |           Please respond to Mailing list   |
>> > |         |           for discussion of Firewall-1     |
>> > |         |                                            |
>> > |---------+-------------------------------------------->
>> >
>> > >-------------------------------------------------------------
>> > ---------------------------------|
>> >   |
>> >                                    |
>> >   |       To:
>> > FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> >                |
>> >   |       cc:
>> >                                    |
>> >   |       Subject:  [FW-1] FLAPPING CROSSOVER
>> >                                    |
>> >
>> > >-------------------------------------------------------------
>> > ---------------------------------|
>> >
>> >
>> >
>> >
>> > I have swapped out the cable and switched to a new nic with
>> > the no luck.
>> > I turned off auto-negotiated and set it to 100baseTX-FD
>> > flow-control on
>> > both boxes.
>> >
>> >
>> >
>> > Thanks,
>> >
>> > Annette
>> >
>> >
>> > =================================================
>> > To set vacation, Out-Of-Office, or away messages,
>> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> > in the BODY of the email add:
>> > set fw-1-mailinglist nomail
>> > =================================================
>> > To unsubscribe from this mailing list,
>> > please see the instructions at
>> > http://www.checkpoint.com/services/mailing.html
>> > =================================================
>> > If you have any questions on how to change your
>> > subscription options, email
>> > fw-1-owner AT ts.checkpoint DOT com
>> > =================================================
>> >
>> > =================================================
>> > To set vacation, Out-Of-Office, or away messages,
>> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> > in the BODY of the email add:
>> > set fw-1-mailinglist nomail
>> > =================================================
>> > To unsubscribe from this mailing list,
>> > please see the instructions at
>> > http://www.checkpoint.com/services/mailing.html
>> > =================================================
>> > If you have any questions on how to change your
>> > subscription options, email
>> > fw-1-owner AT ts.checkpoint DOT com
>> > =================================================
>> >
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-owner AT ts.checkpoint DOT com
>> =================================================
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-owner AT ts.checkpoint DOT com
>> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] tcpt and visitor mode, David CALLEBAUT
Next by Date:  Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote), Thorsten Behrens
Previous by Thread:  Re: [FW-1] FLAPPING CROSSOVER, Claudia Cordova
Next by Thread:  Re: [FW-1] FLAPPING CROSSOVER, Previtera, Sal
Indexes:  [Date] [Thread] [Top] [All Lists]