We have a Checkpoint HA cluster currently configured with two SPLAT boxes (NG AI R55) that sits between the LAN and WAN/Internet. On the LAN (192.168.0.0/24) we have an AIX cluster configured with failover interfaces on both servers.
Basically, the failover interfaces on the AIX servers are configured with IPs from a different subnet than the LAN (let's say 10.1.1.1 and 10.1.1.2). The interfaces talk to each other with these IPs to make sure they are working in case a failover is required.
Here is the problem: when one of the redundant interfaces sends an ARP request for the other IP, the SPLAT boxes send a proxy ARP for the address since they feel the destination address is somewhere outside their default gateway.
Has anyone dealt with this sort of behavior before? Can I fix it with a route on the firewalls that sends 10.1.1.x traffic out the LAN interface? Or can I solve it from the cluster side by applying static ARP entries for the 10.1.1.x IPs on the AIX cluster members? Is it possible to just turn off proxy ARPs for routing on the firewalls? And if so, will this affect the proxy ARPs required for Internet NATs configured on the firewalls?
Any help is appreciated.
Mike
