Hi,

The other thing that I can think of: are you using a separate IP to NAT/hide the bluecoat? Perhaps proxy ARP for this public IP on the outside of the Nokias is not working correctly?

Regards,

Werner

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of "Berg-Olsen, Børge"
Sent: Monday, December 12, 2005 13:18
To: [email protected]
Subject: Re: [FW-1] Nokia VRRP cluster and Blue Coat failover

Hi,

Yes, connection to the internet works from the L2 switch to the internet, and from a DMZ on the Nokia VRRP cluster.

Thanks for your reply.

--
Børge Berg-Olsen

> -----Original Message-----
> From: Brockhoven, Werner [mailto:[EMAIL PROTECTED]
> Sent: 12. desember 2005 11:34
> To: [email protected]
> Subject: Re: [FW-1] Nokia VRRP cluster and Blue Coat failover
>
> Hi,
>
> Can you verify the internet is still working from let's say
> another system on the L2 switch as the firewall and bluecoat?
>
> Regards,
>
> Werner
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of "Berg-Olsen, Børge"
> Sent: Monday, December 12, 2005 09:48
> To: [email protected]
> Subject: [FW-1] Nokia VRRP cluster and Blue Coat failover
>
> Gurus of the list,
>
> We've two Nokia IP350's in VRRP mode and between these and
> the LAN we have two Blue Coat (http://www.bluecoat.com/).
>
> We've set up the two BlueCoats in a failover mode and with a
> software bridge. The inside interfaces of the Blue Coats are
> on a L3 switch, and the outside interfaces are on a L2 switch.
>
> The Nokia VRRP cluster inside interfaces are on the same L2
> switch as the Blue Coat outside interfaces.
>
> Whenever I pull the inside interface of the master Blue Coat
> the master fails over to the slave and the connection to the
> Internet is not broken. When I pull the outside interface of
> the master Blue Coat the master fails over to the slave and
> the connection to the Internet is not broken.
>
> However, when I pull the inside interface of the firewall
> master, the firewall master fails over, but the connection to
> the Internet is broken presumably because the Blue Coat does
> not know where to send the packets. Even if I wait for 5
> minutes or more.
>
> A fw monitor on the Nokia VRRP master shows the traffic
> hitting it, and routed the right way. The reply back to the
> internal LAN is lost. Probably on the Blue Coat.
>
> To me it looks like an ARP issue and I've looked into
> static-fwtable-entry on the Blue Coat and tried to set them
> accordingly on the outside port of the bridge on each Blue
> Coat. I've tried both the VMAC of the Nokia VRRP cluster and
> the physical MAC of the inside interfaces of the Nokia VRRP
> cluster, but the problem still prevails.
>
> Has anyone experienced the same problem and can advise me on
> a solution to the problem?
>
> --
> Børge Berg-Olsen
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an
> email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription
> options, email [EMAIL PROTECTED]
> =================================================
