Hi,
Is IGMP snooping enabled on the switch? If yes, try with IGMP snooping
disabled.
Regards, Markus
On 13.04.2006 at 10:20, "Alexander Simbun"
<alexals AT KKIPC DOT COM> wrote:
> Hi,
>
> Using a cross cable certainly works, but at the moment these two
> enforcements are located at separate locations which are connected through
> Cisco 6500 series. I had allocated a dedicated VLAN for heartbeat. So,
> any idea why this thing happens?
>
> Thanks,
>
> Regards,
>
> Al.
>
>
> Bhavin Gandhi wrote:
>> Did you try using a cross cable for the sync interface?
>>
>>
>>
>> -----Original Message-----
>> From: Mailing list for discussion of Firewall-1
>> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of
>> Alexander Simbun
>> Sent: Thursday, April 13, 2006 10:15 AM
>> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> Subject: [FW-1] firewall synchronization not properly working on
>> RainWall/CheckPoint's firewall cluster
>>
>>
>> Dear experts,
>>
>> I had a problem with our firewall cluster which doesn't work properly
>> due to the synchronization error as stated below:
>>
>> *fwe3 firewall*
>> Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 544343 kern.notice] CPHA: Found
>> another machine with same cluster ID. There is probably another cluster
>> Apr 13 11:05:40 fwe3xxx.xxxx.xx connected to the same switch/hub as this
>> one.
>> Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 407823 kern.notice] CPHA: This
>> is an illegal configuration. Each cluster should be connected to another
>> set of switches/hubs.
>>
>> The firewall's H.A link detected that its partner is down.
>>
>> Cluster Mode: Sync only (OPSEC)
>>
>> Number Unique Address Firewall State (*)
>>
>> 1 10.1.0.1 down
>> 2 (local) 10.1.0.3 active
>>
>> (*) FW-1 monitors only the sync operation and the security policy
>> Use OPSEC's monitoring tool to get the cluster status
>>
>> and it is similar to fwe1 firewall as shown below.
>>
>> *fwe1 firewall*
>>
>> Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: Found another machine with
>> same cluster ID. There is probably another cluster
>> Apr 13 11:05:30 fwe1xxx.xxxx.xx connected to the same switch/hub as this
>> one.
>> Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: This is an illegal
>> configuration. Each cluster should be connected to another set of
>> switches/hubs.
>>
>>
>> Cluster Mode: Sync only (OPSEC)
>>
>> Number Unique Address Firewall State (*)
>>
>> 1(local) 10.1.0.1 active
>> 2 10.1.0.3 down
>>
>> (*) FW-1 monitors only the sync operation and the security policy
>> Use OPSEC's monitoring tool to get the cluster status
>>
>>
>> How to fix this? FYI, I'm using RainWall 3.1 SP5 and Check Point NG AI
>> R55 HFA15. Please help me on this matter.
>>
>> Thanks very much.
>>
>> Regards,
>>
>> Al
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-owner AT ts.checkpoint DOT com
>> =================================================
>>
>>
>>
>>
>>
>>
>
Markus Kohlmeier
DTS Service GmbH
Geschäftsbereich Managed Service
IT Security Team
Tel: +49 5221 / 101 2722
Fax: +49 5221 / 101 1001