First of all thank you to Reinhard Stich for helping me out with some initial questions.
I just replaced a faulty IP 330 in a HA cluster we have on a production site. It's NG FP3 and this is the first time I've done anything but change the ruleset on our firewalls and without any consultants, so I just need to make sure I did everything correctly. The steps I did were as follows: 1. Downgraded IPSO and FW-1 on the new firewall (call it prod-b) to make it identical to the one I were replacing 2. Backed up through Voyager the config from the original prod-b, restored that to the new prod-b 3. Detached all licenses from prod-b 4. Deleted prod-b from the cluster in Smartdashboard 5. Created the new prod-b in Smartdashboard 6. Added prod-b to the cluster 7. Established SIC 8. Attached the licenses 9. Installed policies. Everything seems OK, but in Smartview Status there's an error for ClusterXL on prod-b. Comparing the status column for prod-a and prod-b reveals that the only difference is that for prod-b, Running Mode is set to N/A. Also, occasionally in Smarview Status the following errors appear: "<date> drop <prod-a node IP> > eth-s2p1c0 spoofalert product: VPN-1 & Firewall-1; src: 172.16.16.1; S_port 123; dst: 172.16.16.2; service: 123; proto: udp; message_info: cluster member IP is being spoofed;" *.16.1 is the sync interface on prod-a firewall and *.16.2 is naturally the sync on prod-b. Can anyone help me figure this one out? -- Stig Bull System Administrator, Hugin ASA http://www.hugincorporate.com Phone: +47 22 80 79 89 Mobile: +47 91 60 88 74 Fax: +47 22 80 79 79 - Your reputation connects through Hugin ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
