Firewall-1

[FW-1] IPSO clustering issue

Subject: [FW-1] IPSO clustering issue
From: Sergio Alvarez <seralvar AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sat, 31 Mar 2007 08:13:14 -0600

Hello,

We have an issue with two IP1220 boxes running IPSO 4.2 and Check Point NGX
R62 over them. The idea is to use them as a cluster configured with IPSO
Clustering, but so far this has not been possible.

With an SMC on a separate machine (obviously) a single IP1220 works as a
firewall module with no problems at all, but when the second box comes into
the scenario, things start to turn complicated. Clustering seems to work OK
at the IPSO level, as in Voyager it is possible to see the state of the boxes
and some tests done showed how bringing down one of the boxes showed the
other as the only active, but when the CP policy is installed to make them
become a firewall cluster a lot of problems come up. Sometimes an interface
of the Nokias reports as failing (it is not always the same interface),
sometimes SIC fails and it is not possible to install policy changes (most
likely related to the previously described issue), outbound traffic through
the cluster turns extremely slow, inbound traffic to public servers located on
a DMZ stops completely and SV Tracker does not show anything that could lead
one to think it is a policy rules issue (anyway the same policy on a single
gateway works perfectly).

Has anybody seen issues like this before?

--
Sergio Alvarez
(506)8301342
