The problem is symptomatic of something not set right at the MDS levels in case you are getting the issues related to SIC between multiple pair of CMA's.
***In P-1 env, try doing every thing through the MDG, MDG, MDG - why, because at the command line, you can always miss on setting up your proper environment. Let us say, you do 'fwm sic_reset' thinking you are doing for the CMA but you actually happen to be in MDS env, this will actually reset SIC at the MDS level which CP does not even support because it botches up your entire MDS (HA)env.*** You log into the Primary CMA Smartdashboard of the problem pair. Edit properties on the 'Primary CMA' object and look at the DN string in the communication box. It should have 'o=...' pointing to the name of the CMA (If not, it may point to the MDS name instead. Please verify and let me know and I shall suggest some steps to resolve this part later). Now edit the properties on the secondary CMA object and check the DN string - is it blank or has O= pointing to the Primary CMA which it should be -- the CN will be of course its own name like <HA-CMA_NAME>. Please let me know what you see. In the meanwhile, here are the suggested steps to resolve the issue: >From within the Primary CMA Smartdashboard, right click your HA-CMA object and delete it. Do file>save and exit Smartdashboard. Now back to MDG, right click on the HA-CMA and remove it. Recreate the HA CMA back in MDG again and let me know if that resolves your issue. If there is nothing basically wrong with your MDS level sic, this should resolve the issues and you can take the same steps in regard to your other pair of CMA's. Hope this helps. Rajeev Gupta Senior Network Engineer MCI Managed Security Services -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Dong Lin Sent: Monday, January 31, 2005 11:06 PM To: [email protected] Subject: [FW-1] How to initiate SIC between a HA pair CMAs I have setup a few CMA HA pairs. Some form the HA pair with no problem (active:standby). Some are not forming HA pair at all. The problem seems related to their SIC communication. How do I initiate SIC between a CMA pair ? If it is at management server level, will the reset SIC mess up the working HA pair ? Thanks ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
