Kevin,
Thanks for the advice, however we had to enter CPCONFIG and activate the
"Enable Checkpoint Cluster XL and State Synchronization" and the "Would you
like to enable the High Availabilty module" options.
I don�t know why they were not set after the upgrade.
Thanks,
Alex
[EMAIL PROTECTED]
rvicing.com To: [EMAIL PROTECTED]
cc:
27/01/2004 15:38 Subject: Re: [FW-1] Problems with
VPN and AI R55 in IPSO 530 with Cluster
Alex,
I know this may sound stupid, but check your Nokia Cluster config. I had
to switch from Muticast to forwarding. For some reason the Cisco 3548's in
front, behind, and on the sides did not like the multicast coming from the
IP 530's. Once I switched to Forwarding in the cluster I was able to hit
the virtual addresses.
You can check the clustering by stoping the FW services (fwstop) and ping
the virtual address. Make sure your Internet side isn't plugged in as this
will leave you WIDE open.
For what it's worth,
kevin
Alex Mandina
<[EMAIL PROTECTED] To:
[EMAIL PROTECTED]
COM.BR> cc:
Sent by: Mailing list for Subject: [FW-1]
Problems with VPN and AI R55 in IPSO 530 with
discussion of Firewall-1 Cluster
<[EMAIL PROTECTED]
.US.CHECKPOINT.COM>
01/27/2004 10:27 AM
Please respond to Mailing
list for discussion of
Firewall-1
Hi,
We had the following configuration:
Two Nokia IP530 boxes with VRRP, IPSO 3.6 FCS7 and NG FP3. The VPN worked
fine.
We removed one of the IP 530 boxes, installed another manager with AI R55
and imported the FP 3 configuration. The IP530 was upgraded to IPSO 3.7
release 32 and AI R55. The installation and functionality of firewall, VPN
and Floodgate were all OK.
The problem begun when we configured and activated the Cluster in the
IP530, the VPN stop responding and we got an "Error Communicating with
Gateway" message on all VPN clients. The firewall and Floodgate functions
kept working fine. If we remove the Cluster configuration the VPN starts
working again.
The other IP530 box was left unchanged, and we are using it (NG FP3) at
this moment.
Thanks,
Alex Mandina
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
