hi,
try to run the cluster in forwarding mode - most of the time problems are
switch-related...
br
reinhard
** My mobile email is powered by Nokia Mobile Email solutions **
** please 'reply-to-all' when answering... **
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 on behalf of Sergio Alvarez
> Received: Sat Mar 31 16:25:54 CEST 2007
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] IPSO clustering issue
>
> Hello,
>
> We have an issue with two IP1220 boxes running IPSO 4.2 and Check Point NGX
> R62 over them. The idea is to use them as a cluster configured with IPSO
> Clustering, but so far this has not been possible.
>
> With an SMC on a separate machine (obviously) a single IP1220 works as
> firewall module with no problems at all, but when the second box comes into
> the scenario, things start to turn complicated. Clustering seems to work ok
> at the IPSO level, as at Voyager is possible to see the state of the boxes
> and some tests done showed how bringing down one of the boxes showed the
> other as the only active, but when the CP policy is installed to make them
> become a firewall cluster a lot of problems come up. Some times an interface
> of the Nokias reports as failing (is not the same interface always), some
> times SIC fails and is not possible to install policy changes (most likely
> related with the previous described issue), outbound traffic through the
> cluster turns extremely slow, inbound traffic to public servers located on a
> DMZ stops completely and SV Tracker does not show anything that could lead
> to think it is a policy rules issue (anyway the same policy on a single
> gateway works perfect).
>
> Has anybody seen issues like this before?
>
> --
> Sergio Alvarez
> (506)8301342
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
