Alexander Simbun <alexals AT KKIPC DOT COM> wrote:
>
> I have not yet re-establish the SIC. To do so, I have to detach the
> cluster member and re-initialize it again. Meanwhile, I'm also unable
> to ping the physical IP of the cluster's member.
It is often the case that when you create a cluster, only the current
cluster master can receive traffic. This is due to some settings on the
cluster gateway object. Under "3rd Party Config" you will find some
options: Hide Cluster Member's outgoing traffic behind Cluster IP, and
Forward Cluster incoming traffic to Cluster Member IP.
I turn both of these options off. When they are on, the secondary
member will try to send out NTP or DNS requests, and they get NAT'd
behind the cluster IP, then when the replies come in, they are directed
to the primary member, which doesn't understand why it is receiving such
traffic. The traffic never reaches the secondary member that initiated
the traffic.
By turning these off, the traffic can reach the particular cluster
member that originated the traffic.
--
David DeSimone == Network Admin == fox AT verio DOT net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous. -- Robert Benchley
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
