Hi,

Can you verify the internet is still working from, let's say, another system on 
the same L2 switch as the firewall and bluecoat?

Regards,

Werner 

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On 
Behalf Of "Berg-Olsen, Børge"
Sent: Monday, December 12, 2005 09:48
To: [email protected]
Subject: [FW-1] Nokia VRRP cluster and Blue Coat failover

Gurus of the list,

We've two Nokia IP350's in VRRP mode and between these and the LAN we have two 
Blue Coat (http://www.bluecoat.com/).

We've set up the two Blue Coats in a failover mode and with a software bridge. 
The inside interfaces of the Blue Coats are on a L3 switch, and the outside 
interfaces are on a L2 switch. 

The Nokia VRRP cluster inside interfaces are on the same L2 switch as the Blue 
Coat outside interfaces. 

Whenever I pull the inside interface of the master Blue Coat the master fails 
over to the slave and the connection to the Internet is not broken. When I pull 
the outside interface of the master Blue Coat the master fails over to the 
slave and the connection to the Internet is not broken. 

However, when I pull the inside interface of the firewall master, the firewall 
master fails over, but the connection to the Internet is broken presumably 
because the Blue Coat does not know where to send the packets. Even if I wait 
for 5 minutes or more. 

A fw monitor on the Nokia VRRP master shows the traffic hitting it, and routed 
the right way. The reply back to the internal LAN is lost. Probably on the Blue 
Coat.

To me it looks like an ARP issue and I've looked into static-fwtable-entry on 
the Blue Coat and tried to set them accordingly on the outside port of the 
bridge on each Blue Coat. I've tried both the VMAC of the Nokia VRRP cluster 
and the physical MAC of the inside interfaces of the Nokia VRRP cluster, but the 
problem still prevails. 

Has anyone experienced the same problem and can advise me on a solution to the 
problem?

--
Børge Berg-Olsen

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL 
PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email 
[EMAIL PROTECTED]
=================================================
