Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Cluster Synchronization is not working

from Steve Johnson [Permanent Link]
Subject: Re: [FW-1] Cluster Synchronization is not working
From: Steve Johnson <sjohnson AT ALETRIX DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 19 Nov 2004 10:31:33 -0500 
Do you have the cluster object defined with a sync network?  Are you seeing the 
sync traffic on interfaces other than the interface you expect to see it on?

also make sure you have clusterxl enabled on both members of the cluster.  
verify by simply running cpconfig on both cluster members.

if the menu says, "Disable ClusterXL" then you know that it's configured to run.

Also, make sure that in the 3rd party configuration section of the cluster 
object, that you specific Nokia VRRP and uncheck all 3 check boxes.  Next make 
sure that you properly define all VIP ip addresses in the Cluster Object's 
Topology Section.


-----Original Message-----
From:   Mailing list for discussion of Firewall-1 on behalf of Kim, Cameron
Sent:   Thu 11/18/2004 6:52 PM
To:     FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Cc:
Subject:        Re: [FW-1] Cluster Synchronization is not working
1st - Are you using ClusterXL or VRRP?
2nd - Are sync packets allowed in the ruleset on both firewalls? Check 
Smartview Tracker to see if you are dropping packets.


Cameron Kim
Mitsubishi Digital Electronics America


-----Original Message-----
From: Oliver [mailto:oliver_dog2201 AT YAHOO DOT COM]
Sent: Thursday, November 18, 2004 1:53 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Cluster Synchronization is not working

Hi,
The Cluster is formed by two nokias ipso3.8 with R55 for ipso3.8. When I use 
"fw ctl pstat" command the output is:

FW1

Sync:
        Version: new
        Status: Able to Send/Receive sync packets
        Sync packets sent:
         total : 34806028,  retransmitted : 0, retrans reqs : 0,  acks : 0
        Sync packets received:
         total : 0,  were queued : 0, dropped by net :
0
         retrans reqs : 0, received 0 acks
         retrans reqs for illegal seq : 0
         dropped updates as a result of sync overload:
0



FW2

Sync:
        Version: new
        Status: Able to Send/Receive sync packets
        Sync packets sent:
         total : 36133457,  retransmitted : 0, retrans reqs : 0,  acks : 0
        Sync packets received:
         total : 0,  were queued : 0, dropped by net :
0
         retrans reqs : 0, received 0 acks
         retrans reqs for illegal seq : 0
         dropped updates as a result of sync overload:
0

Note that "Sync packets received: total: 0" is not normal. In SmartView Status 
everything is fine. I use tcpdump in the sync interface and I dont see 
anything, but there is connectivity in the sync interface (ping is done).
Cpstop and cpstart dont fix the problem.
Anybody can help?
Thanks a lot
Oliver


_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to LISTSERV AT 
amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email 
fw-1-owner AT ts.checkpoint DOT com 
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] splat R55 and zebra - warning, Steve Johnson
Next by Date:  Re: [FW-1] How do I define Encryption Domain of "ANY", Steve Johnson
Previous by Thread:  Re: [FW-1] Cluster Synchronization is not working, Kim, Cameron
Next by Thread:  [FW-1] State Sync Between FW-1 Versions, Crist Clark
Indexes:  [Date] [Thread] [Top] [All Lists]