Re: [FW-1] ipso 4.1b25 with R55P not performing full sync

Subject:	Re: [FW-1] ipso 4.1b25 with R55P not performing full sync
From:	Rajeev Gupta <rgup14 AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 12 Mar 2007 18:48:23 -0400

We had exactly the same issue w/ same R55P HFA08 on IP1260's and we did lot
of tweaking but what worked in our case ultimately was this:

Enable Monitor Firewall State: it was disabled in our case - so check it out
in your Voyager configs.

Also, do not need Coldstart delay - we removed the interval - it is blank
now (in our case due to some engineer - not sure what is the default value -
it was set to 300secs).
But I guess 'enabling firewall state monitoring' fixed the issue even though
we did not test it further by enabling 'coldstart delay'

hth,

Rajeev

On 3/12/07, Ronny Vaningh <ronny AT netrusion DOT com> wrote:


Hi

I'm in progress of upgrading some firewalls to IPSO 4.1B25 (in combo
with R55P HFA08) in preparation of a move to NGX

This seems to work fine but I noticed that the secondary firewall does
not perform a full sync with the master at boot.

According to cphaprob the node stays initializing for sync and problem
notification for about 2 minutes.

The fwd.elg logfile has an entry:
Full snyc not performed probably the only member.

New connections however are synced out.

When I run cprestart the full sync is performed ...


Nokia has made some suggestions but nothing substantial ...

Checkpoint claims this is a nokia issue ...

Guys, do you have an idea, do you run similar combo ?


Thanks


Ronny

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] ipso 4.1b25 with R55P not performing full sync, Ronny Vaningh Re: [FW-1] ipso 4.1b25 with R55P not performing full sync, Rajeev Gupta <= Re: [FW-1] ipso 4.1b25 with R55P not performing full sync, Ronny Vaningh Re: [FW-1] ipso 4.1b25 with R55P not performing full sync, pkc_mls Re: [FW-1] ipso 4.1b25 with R55P not performing full sync, Ronny Vaningh

Previous by Date:	[FW-1] R65 released today, Ray
Next by Date:	Re: [FW-1] FW-1 list is moving, Richard Turner
Previous by Thread:	[FW-1] ipso 4.1b25 with R55P not performing full sync, Ronny Vaningh
Next by Thread:	Re: [FW-1] ipso 4.1b25 with R55P not performing full sync, Ronny Vaningh
Indexes:	[Date] [Thread] [Top] [All Lists]