Hi, Is IGMP snooping enabled at the switch? If yes, try with disabled IGMP snooping.
Regards, Markus Am 13.04.2006 10:20 Uhr schrieb "Alexander Simbun" unter <[EMAIL PROTECTED]>: > Hi, > > Using cross cable certainly works but at this moment these two > enforcements are located on separated location which connected through > Cisco 6500 series. I had allocated a dedicated VLAN for heartbeat. So, > any idea why this thing happens? > > Thanks, > > Regards, > > Al. > > > Bhavin Gandhi wrote: >> Did u try using a cross cable for sync interface? >> >> >> >> -----Original Message----- >> From: Mailing list for discussion of Firewall-1 >> [mailto:[EMAIL PROTECTED] Behalf Of >> Alexander Simbun >> Sent: Thursday, April 13, 2006 10:15 AM >> To: [email protected] >> Subject: [FW-1] firewall synchronization not properly working on >> RainWall/CheckPoint'sfirewallcluster >> >> >> Dear experts, >> >> I had a problem with our firewall cluster which doesn't work properly >> due to the synchronization error as stated below: >> >> *fwe3 firewall* >> Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 544343 kern.notice] CPHA: Found >> another machine with same cluster ID. There is probably another cluster >> Apr 13 11:05:40 fwe3xxx.xxxx.xx connected to the same switch/hub as this >> one. >> Apr 13 11:05:40 fwe3xxx.xxxx.xx fw: [ID 407823 kern.notice] CPHA: This >> is an illegal configuration. Each cluster should be connected to another >> set of switches/hubs. >> >> The firewall's H.A link detected that its partner is down. >> >> Cluster Mode: Sync only (OPSEC) >> >> Number Unique Address Firewall State (*) >> >> 1 10.1.0.1 down >> 2 (local) 10.1.0.3 active >> >> (*) FW-1 monitors only the sync operation and the security policy >> Use OPSEC's monitoring tool to get the cluster status >> >> and it is similar to fwe1 firewall as shown below. >> >> *fwe1 firewall >> >> *Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: Found another machine with >> same cluster ID. There is probably another cluster >> Apr 13 11:05:30 fwe1xxx.xxxx.xx connected to the same switch/hub as this >> one. >> Apr 13 11:05:30 fwe1xxx.xxxx.xx fw: CPHA: This is an illegal >> configuration. Each cluster should be connected to another set of >> switches/hubs. >> >> >> Cluster Mode: Sync only (OPSEC) >> >> Number Unique Address Firewall State (*) >> >> 1(local) 10.1.0.1 active >> 2 10.1.0.3 down >> >> (*) FW-1 monitors only the sync operation and the security policy >> Use OPSEC's monitoring tool to get the cluster status >> >> >> How to fix this? FYI, I'm using RainWall 3.1 SP5 and Check Point NG AI >> R55 HFA15. Please help me on this matter. >> >> Thanks very much. >> >> Regards, >> >> Al >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> >> The information contained in this electronic message and any attachments to >> this message are intended for the exclusive use of the addressee(s) and may >> contain proprietary, confidential or privileged information. If you are not >> the intended recipient, you should not disseminate, distribute or copy this >> e-mail. Please notify the sender immediately and destroy all copies of this >> message and any attachments. >> >> WARNING: Computer viruses can be transmitted via email. The recipient should >> check this email and any attachments for the presence of viruses. The company >> accepts no liability for any damage caused by any virus transmitted by this >> email. >> >> www.wipro.com >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> >> > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= Markus Kohlmeier DTS Service GmbH Geschäftsbereich Managed Service IT Security Team Tel: +49 5221 / 101 2722 Fax: +49 5221 / 101 1001 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
