Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Cluster active active

from José María Gabaldón [Permanent Link]
Subject: Re: [FW-1] Cluster active active
From: José María Gabaldón <jgabaldon AT CYBERTECHPROJECTS DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 25 Aug 2005 13:08:33 -0400 
Hi,

I faced some issue like you described, but in VRRP Monitor I saw the
interfaces in the primary member as "Master", but in the backup gateway
i saw some interfaces as "Backup" but two also showed as Master
(surprisingly). Every worked fine, but traffic was going through both
gateways. The soution I found is in a KB from Nokia: disable
"fingerprint scrambling" in SmartDefense (which is not supported in
VRRP).

Hope this helps,

Regards,

_______________________________ 

Cybertech Projects

José María Gabaldón 
Network Security Engineer 
email: jgabaldon AT cybertech.com DOT ve 
www.cybertech.com.ve 



-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de Lino
Eduardo Avila Rodríguez
Enviado el: Jueves, 25 de Agosto de 2005 12:43 p.m.
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Asunto: [FW-1] Cluster active active

 
Hey!

I have one issue, I have two nokia modules with R55, the Smarcenter in
Solaris 2.8. When I run the cphaprob state I can see the two modules are
active when one should be in standby, everything works fine, the tracker
reports everything going out through module1. 
The cluster is configured with VRRP. In the VRRP Monitor I can see the
interfaces of the active firewall as master and the other module as
backup.
I can't understand why the output of the command is active active.
Sometimes
when I did cphastop and cphastart the situation was corrected, but now
It
doesn't.

Any thoughts??


Lino E. Avila

 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] SecureClient authentication through Microsoft AD, Hawkins, Michael
Next by Date:  Re: [FW-1] Stonebeat running on Solaris NGAIR55, Warrington Bruce - bwarri
Previous by Thread:  [FW-1] Cluster active active, Lino Eduardo Avila Rodríguez
Next by Thread:  [FW-1] smartcenter question, Quick, Richard A.
Indexes:  [Date] [Thread] [Top] [All Lists]