Re: [FW-1] Virtual MAC for ClusterXL

Subject:	Re: [FW-1] Virtual MAC for ClusterXL
From:	"O'Sullivan, Mairtin" <mairtin.osullivan AT IMPERIAL.AC DOT UK>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 4 Nov 2004 10:18:11 -0000

I was under the impression that the MAC you mentioned here is the MAC
used for HA sync data.
It's been a while but I remember that it sends it out all interfaces and
not just the sync net as defined in the topology section. Hence the
problems with multiple clusters on the same switch.. Even if it's not
the sync interface. I could be completely wrong though as it has been a
couple of months since I've used clusterXL.

ClusterXL only uses a virtual MAC when it's in load balanced mode.


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
GoddardM AT SCHNEIDER DOT COM
Sent: 04 November 2004 06:57
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Virtual MAC for ClusterXL


So this must be new in HFA09 and later?.... I thought ClusterXL used
00:00:00:00:FE:00, and something else along those lines. I know ours
does. We have run into problems with multiple clusters in the same
switch... we have had to set the "magic" and "magic_forward" MAC numbers
for ClusterXL for each cluster to something different so they didn't
confuse the switches.

Regards,
Matt Goddard
Security Information Team
Schneider National, Inc.
ph: 920.592.4787


|---------+-------------------------------------------->
|         |           "Chris 'Chipper' Chiapusio"      |
|         |           <chipper AT LLAMAS DOT NET>             |
|         |           Sent by: Mailing list for        |
|         |           discussion of Firewall-1         |
|         |           <FW-1-MAILINGLIST AT AMADEUS.US DOT CHEC|
|         |           KPOINT.COM>                      |
|         |                                            |
|         |                                            |
|         |           11/03/2004 11:17 AM              |
|         |           Please respond to Mailing list   |
|         |           for discussion of Firewall-1     |
|         |                                            |
|---------+-------------------------------------------->

>-----------------------------------------------------------------------
-----------------------|
  |
|
  |       To:       FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
|
  |       cc:
|
  |       Subject:  Re: [FW-1] Virtual MAC for ClusterXL
|

>-----------------------------------------------------------------------
-----------------------|




On Wed, 3 Nov 2004, Mike Feetham wrote:

> That's what I would have thought, Matt.  However, these are all
> reporting the MAC address for the active server in the cluster.  I was

> under the impression that ClusterXL in HA used a separate Virtual MAC
> address.
>
> I know the Nokias do for VRRP, but I'm using ClusterXL on SPLAT.

SPLAT R55 (at least after HFA08) gratuitously ARP's using the primary
members MAC address.  CheckPoint HA does not use a seperate
virtual/cluster MAC address.

Chip


  ------
                       Please encrypt anything important.
    PGP Key:
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D
"They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety " - Benjamin
Franklin

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [FW-1] Virtual MAC for ClusterXL, GoddardM Re: [FW-1] Virtual MAC for ClusterXL, Mike Feetham Re: [FW-1] Virtual MAC for ClusterXL, Chris 'Chipper' Chiapusio Re: [FW-1] Virtual MAC for ClusterXL, Mike Feetham Re: [FW-1] Virtual MAC for ClusterXL, Jimmy Jutwreten Re: [FW-1] Virtual MAC for ClusterXL, GoddardM Re: [FW-1] Virtual MAC for ClusterXL, O'Sullivan, Mairtin <=

Previous by Date:	Re: [FW-1] Virtual MAC for ClusterXL, Jimmy Jutwreten
Next by Date:	[FW-1] SecureClient : tunnel established but no connection between the LAN and the distant computer, Chanoine
Previous by Thread:	Re: [FW-1] Virtual MAC for ClusterXL, GoddardM
Next by Thread:	Re: [FW-1] Mixed Mode Cluster R54 & R55, Karel Chwistek
Indexes:	[Date] [Thread] [Top] [All Lists]