Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] firewall synchronization not properly working on RainWall/CheckPo

from Alexander Simbun [Permanent Link]
Subject: [FW-1] firewall synchronization not properly working on RainWall/CheckPoint'sfirewallcluster
From: Alexander Simbun <alexals AT KKIPC DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 13 Apr 2006 12:45:10 +0800 
Dear experts,
I had a problem with our firewall cluster which doesn't work properly due to the synchronization error as stated below: 

*fwe3 firewall*
Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 544343 kern.notice] CPHA: Found another machine with same cluster ID. There is probably another cluster Apr 13 11:05:40 fwe3xxx.xxxx.xx connected to the same switch/hub as this one. Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 407823 kern.notice] CPHA: This is an illegal configuration. Each cluster should be connected to another set of switches/hubs. 

The firewall's H.A link detected that its partner is down.

Cluster Mode:   Sync only (OPSEC)

Number     Unique Address  Firewall State (*)

1          10.1.0.1        down
2 (local)  10.1.0.3        active

(*) FW-1 monitors only the sync operation and the security policy
   Use OPSEC's monitoring tool to get the cluster status

and it is similar to fwe1 firewall as shown below.

*fwe1 firewall
*Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: Found another machine with same cluster ID. There is probably another cluster Apr 13 11:05:30 fwe1xxx.xxxx.xx connected to the same switch/hub as this one. Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: This is an illegal configuration. Each cluster should be connected to another set of switches/hubs. 


Cluster Mode:   Sync only (OPSEC)

Number     Unique Address  Firewall State (*)

1(local) 10.1.0.1        active
2  10.1.0.3        down

(*) FW-1 monitors only the sync operation and the security policy
   Use OPSEC's monitoring tool to get the cluster status
How to fix this? FYI, I'm using RainWall 3.1 SP5 and Check Point NG AI R55 HFA15. Please help me on this matter. 

Thanks very much.

Regards,

Al

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Secure client verification to DNS servers with 'large pings' (Office mode), Ray
Next by Date:  Re: [FW-1] firewall synchronization not properly working on RainWall/CheckPoint'sfirewallcluster, Bhavin Gandhi
Previous by Thread:  Re: [FW-1] [FW-1 Integrity vs SecureClient, Lars Troen
Next by Thread:  Re: [FW-1] firewall synchronization not properly working on RainWall/CheckPoint'sfirewallcluster, Bhavin Gandhi
Indexes:  [Date] [Thread] [Top] [All Lists]