Re: [FW-1] IPSO cluster routing problem

Subject:	Re: [FW-1] IPSO cluster routing problem
From:	"Kim, Cameron" <CKim AT MDEA DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 28 Sep 2004 11:50:10 -0700

Lets start with the simple question.

Are you running VRRP?

Check each of the IP350's. Go to CLI, iclid, and the sh vrrp ( you can
do the same on Voyager)
One should be the master, other firewall should be backup state.
If the external interfaces of both firewalls are in master state, that
means the fw think both are masters and something is dropping the vrrp
multicast packets (most likely a rule)

Cameron Kim

-----Original Message-----
From: Moe Behlim [mailto:Moe.Behlim AT NETSPI DOT COM]
Sent: Tuesday, September 28, 2004 9:33 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] IPSO cluster routing problem

Here we go again,



Thanks for all the help so far, I feel like I'm really close to getting
this up finally!



2 Nokia IP 350's running in IPSO 3.8 cluster



It looks like the packets are going out the first FW and getting lost
when they come back in the 2nd FW.



I can see the replies on the external interface of the 2nd FW (tcpdump)
but they are not making it to the internal interface and finally to me.



I'm at a lost.



Any help would be appreciated.



Thanks.




=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] IPSO cluster routing problem, Moe Behlim Re: [FW-1] IPSO cluster routing problem, Shane Presley Re: [FW-1] IPSO cluster routing problem, Rick Centner Re: [FW-1] IPSO cluster routing problem, Kim, Cameron <=

Previous by Date:	Re: [FW-1] IPSO cluster routing problem, Rick Centner
Next by Date:	[FW-1], Nguyen, Thai
Previous by Thread:	Re: [FW-1] IPSO cluster routing problem, Rick Centner
Next by Thread:	Re: [FW-1] Windows Gui for Nokia I330, Zeltser, Roman
Indexes:	[Date] [Thread] [Top] [All Lists]