identical problem to me:
I've got 6 nokia cluster (not VRRP) ispo 3.7, checkpoint R54, all of them with the same configuration, nokia clustering as 3rd party, 1 sync interface only for ipso (not in fw-1 topology), 1 sync interface both for ipso and chekpoint (in checkpoint topology and secondary for ipso clustering)
the problem: cpstat fw -f sync is fine on the first node, is running on the second node BUT: 0 sync packet in/out and sync in sync out are off
also checked cluster interface: on the 1st only ispo clustering packets, on the 2nd both clustering packages from fw-1 and ipso
also clusterxl running properly (status is ok but with problem on one node due to sync)
any idea ?
Steve Johnson wrote:
Do you have the cluster object defined with a sync network? Are you seeing the sync traffic on interfaces other than the interface you expect to see it on?
also make sure you have clusterxl enabled on both members of the cluster. verify by simply running cpconfig on both cluster members.
if the menu says, "Disable ClusterXL" then you know that it's configured to run.
Also, make sure that in the 3rd party configuration section of the cluster object, that you specific Nokia VRRP and uncheck all 3 check boxes. Next make sure that you properly define all VIP ip addresses in the Cluster Object's Topology Section.
-----Original Message----- From: Mailing list for discussion of Firewall-1 on behalf of Kim, Cameron Sent: Thu 11/18/2004 6:52 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [FW-1] Cluster Synchronization is not working 1st - Are you using ClusterXL or VRRP? 2nd - Are sync packets allowed in the ruleset on both firewalls? Check Smartview Tracker to see if you are dropping packets.
Cameron Kim Mitsubishi Digital Electronics America
-----Original Message----- From: Oliver [mailto:[EMAIL PROTECTED] Sent: Thursday, November 18, 2004 1:53 PM To: [EMAIL PROTECTED] Subject: [FW-1] Cluster Synchronization is not working
Hi, The Cluster is formed by two nokias ipso3.8 with R55 for ipso3.8. When I use "fw ctl pstat" command the output is:
FW1
Sync: Version: new Status: Able to Send/Receive sync packets Sync packets sent: total : 34806028, retransmitted : 0, retrans reqs : 0, acks : 0 Sync packets received: total : 0, were queued : 0, dropped by net : 0 retrans reqs : 0, received 0 acks retrans reqs for illegal seq : 0 dropped updates as a result of sync overload: 0
FW2
Sync: Version: new Status: Able to Send/Receive sync packets Sync packets sent: total : 36133457, retransmitted : 0, retrans reqs : 0, acks : 0 Sync packets received: total : 0, were queued : 0, dropped by net : 0 retrans reqs : 0, received 0 acks retrans reqs for illegal seq : 0 dropped updates as a result of sync overload: 0
Note that "Sync packets received: total: 0" is not normal. In SmartView Status everything is fine. I use tcpdump in the sync interface and I dont see anything, but there is connectivity in the sync interface (ping is done). Cpstop and cpstart dont fix the problem. Anybody can help? Thanks a lot Oliver
_________________________________________________________ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
