You also want to check show vrrp interface under
iclid, and run tcpdump -nnvvei <fw sync interface>
proto vrrp to check if they see each other. Even
though I turned on the monitor firewall state, it
still didn't fail over properly because the secondary
node does not know the primary node fails.
Wayne
--- Warrington Bruce - bwarri
<bruce.warrington AT ACXIOM DOT COM> wrote:
> On the Nokia Voyager VRRP config page, do you have
> the "Monitor Firewall State" radio button set to
> "Enabled"? If not, that's the problem. When
> enabled, a cpstop *should* cause a failover to the
> other box.
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]
> On Behalf Of Lino Eduardo Avila Rodr�guez
> Sent: Tuesday, May 23, 2006 10:55
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] vrrp and cp
>
> Hi all!
>
> I have a question regarding vrrp and checkpoint.
> Recently I did a cpstop on one of my nokia
> appliance, I assumed everything will move to the
> other appliance, but it didn't, is this behavior ok?
> Or the machine should go down in order to route the
> traffic on the other box?
>
> I have R55 with IPSO 3.8
>
> Best Regards,
>
> Lino
>
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
*************************************************************************
> The information contained in this communication is
> confidential, is
> intended only for the use of the recipient named
> above, and may be
> legally privileged.
>
> If the reader of this message is not the intended
> recipient, you are
> hereby notified that any dissemination, distribution
> or copying of this
> communication is strictly prohibited.
>
> If you have received this communication in error,
> please resend this
> communication to the sender and delete the original
> message or any copy
> of it from your computer system.
>
> Thank you.
>
*************************************************************************
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
