UDP port 8116 broadcast packets are transmitted to all cluster interfaces, when
State Synchronization is enabled.
Cause
UDP 8116 broadcasts are necessary for cluster-status health checks, when a Check
Point ClusterXL clustering solution is implemented. Third-party OPSEC
clustering solutions conduct their own cluster-status health checks, despite
State Synchronization interfaces.
Solution
To stop UDP 8116 broadcast packets on all interfaces, except State
Synchronization interfaces, apply the steps below.
Caution:
Interface monitoring will not be possible, once the steps are completed.
Procedure:
Type at prompt: cphastop
Type: cphaconf -R 1 start
(Ignore the error message about no configuration or no license. High
Availability (HA) is stopped.)
Type: cphastart.
The above steps do not survive reboot. To survive reboot, add the steps to an
operating-system startup script.
Regards,
Torkel
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On behalf of Roger P Herr
Sent: 24 November 2005 17:31
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] CCP broadcasts
It appears that the "new" - "requires tech support contract" is required for
this SK. I am just a lowly CheckPoint instructor who would like to have the
knowledge and no need for a tech support contract. Could someone provide me
with the information or possibly a copy of sk23208?
Thanks
Roger Herr
WhyNot? Consulting Services
24165 IH 10 West Suite 217-183
San Antonio, Texas 78257
210-860-3990
Some men see things as they are and say why?
I dream things that never were and say "Why Not?"
-Robert F. Kennedy
----- Original Message -----
From: "Andriy Malyuk" <andreym AT PRONET DOT UA>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Thursday, November 24, 2005 10:04 AM
Subject: Re: [FW-1] CCP broadcasts
>I have found a solution - sk23208.
>
> Andriy Malyuk wrote:
>
>> Hi all,
>> As I understand, cluster control protocol uses 8116/udp for connections
>> table synchronization and status info exchange with other cluster members.
>> So if a dedicated synchronization network is defined and every cluster
>> member has an interface which looks to this network, why broadcast to all
>> interfaces?
>>
>> 17:23:38.633646 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>> 17:23:38.926923 0.0.0.0.8116 > x.x.x.0.8116: udp 36
>> 17:23:39.026896 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>> 17:23:39.033641 0.0.0.0.8116 > x.x.x.0.8116: udp 36
>> 17:23:39.133640 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>> 17:23:39.526914 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>> 17:23:39.633660 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>> 17:23:40.026916 0.0.0.0.8116 > x.x.x.0.8116: udp 37
>>
>> I can see such packets on all interfaces of every cluster member and
>> Smart Centre as well.
>>
>> I'm using NGX HA cluster, ccp is configured to multicast mode and
>> diagnostics says
>> Sync:
>> Version: new
>> Status: Able to Send/Receive sync packets
>>
>> Is it possible to prevent broadcasting ccp packets to all available
>> interfaces ?
>>
>> Thanks,
>> Andrey.
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-owner AT ts.checkpoint DOT com
>> =================================================
>>
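A way to check the result of the procedure quoted at the top of this thread, as an added example that is not part of sk23208 or of any poster's message: it counts UDP 8116 packets per interface in tcpdump text output and lists the interfaces other than the sync interface that still carry them. The interface names (eth0 to eth2), the "interface name prefixed to each line" input layout, and the function names are assumptions; the sample captures are constructed.

```shell
#!/bin/sh
# Added example. Assumed input layout: "<iface> <tcpdump line>", e.g.
#   tcpdump -l -n -i eth0 udp port 8116 | sed 's/^/eth0 /'
# using the older tcpdump text format quoted in the thread.

SYNC_IFACES="eth2"   # assumption: name(s) of the State Synchronization interface

# Print "<iface> <count>" for each interface that carried UDP 8116 -> 8116.
ccp_counts() {
    awk '$3 ~ /\.8116$/ && $4 == ">" && $5 ~ /\.8116:$/ && $6 == "udp" { n[$1]++ }
         END { for (i in n) print i, n[i] }' | sort
}

# Print every non-sync interface that still carries CCP traffic.
ccp_leaks() {
    ccp_counts | while read -r iface count; do
        case " $SYNC_IFACES " in
            *" $iface "*) ;;        # expected on the sync interface
            *) echo "$iface" ;;     # CCP seen where it should be gone
        esac
    done
}

# Constructed capture taken before the change (documentation addresses).
sample_before() {
    cat <<'EOF'
eth0 17:23:38.633646 0.0.0.0.8116 > 192.0.2.0.8116: udp 37
eth1 17:23:38.926923 0.0.0.0.8116 > 198.51.100.0.8116: udp 36
eth2 17:23:39.026896 0.0.0.0.8116 > 203.0.113.0.8116: udp 37
eth0 17:23:39.033641 0.0.0.0.8116 > 192.0.2.0.8116: udp 36
eth0 17:23:39.100000 192.0.2.10.53 > 192.0.2.20.1024: udp 40
EOF
}

# Constructed capture taken after the change: CCP only on the sync interface.
sample_after() {
    cat <<'EOF'
eth2 17:40:01.026896 0.0.0.0.8116 > 203.0.113.0.8116: udp 37
eth2 17:40:01.133640 0.0.0.0.8116 > 203.0.113.0.8116: udp 36
eth0 17:40:01.200000 192.0.2.10.53 > 192.0.2.20.1024: udp 40
EOF
}

echo "non-sync interfaces with CCP before:"; sample_before | ccp_leaks
echo "non-sync interfaces with CCP after:";  sample_after  | ccp_leaks
```

Because the commands do not survive a reboot unless added to a startup script, the same check is worth repeating after the next restart.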