Make sure that the sync network and cluster mgt protocol are on two different
switches if
possible running 100MB full duplex,
had a similar problem and moving to separate switches fixed the out of state
packets.
we currently have two firewalls IP530 running the IP clustering and its working
great. its
been in production for 4 months now.
Rick
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf
> Of Shane Presley
> Sent: Tuesday, September 28, 2004 1:23 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] IPSO cluster routing problem
>
> Moe,
>
> I haven't been following your previous problems, so this may
> be way off.
>
> But why are packets leaving FirewallA and returning to
> FirewallB? Is this a Load Sharing setup? Or simple HA?
>
> Is anything getting logged? Possibly out of state packet?
> Maybe sync isn't updating fast enough?
>
> Shane
>
>
> On Tue, 28 Sep 2004 11:32:39 -0500, Moe Behlim
> <moe.behlim AT netspi DOT com> wrote:
> > Here we go again,
> >
> > Thanks for all the help so far, I feel like I'm really close to
> > getting this up finally!
> >
> > 2 Nokia IP 350's running in IPSO 3.8 cluster
> >
> > It looks like the packets are going out the first FW and
> getting lost
> > when they come back in the 2nd FW.
> >
> > I can see the replies on the external interface of the 2nd FW
> > (tcpdump) but they are not making it to the internal
> interface and finally to me.
> >
> > I'm at a lost.
> >
> > Any help would be appreciated.
> >
> > Thanks.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages, send an email to
> > LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list, please see the
> instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> subscription options,
> > email fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an
> email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription
> options, email fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
