checkpoint does not support vlan tagged interfaces in cluster. That why
u are getting intermitant errors.
( This only applies to solaris and SPLAT anyway.) Things like crossbeam,
notel, nokia (UTM boxes) supports this type of config.
they have a secureknoledge article explaining the issue, can't remember
the "SK" number though :)
sin wrote:
Crist Clark wrote:
I have someone at a VAR telling me they don't see a reason
why this wouldn't work, but it doesn't seem to. I want to
see if anyone here can give me a more firm yes or no before
I pop for more hardware.
I have a cluster with two nodes. The topology of both nodes
lines up alright, but ClusterXL insists the primary node
is always down even though all of the interfaces on both
are all "UP."
Now I suspect the reason for this is that even though the
topologies match and everything is up, Check Point thinks
the secondary is better since it has more interfaces up.
The Primary has seven physical interfaces. Two of the
interfaces are VLAN interfaces. The Secondary has nine
physical interfaces. It has no VLAN interfaces. It's NICs
do not support VLANs, but I've got plenty of these old
cards.
what does dmesg say regarding check point ? or smartview tracker ?
from my experience, checkpoint conunts physical interfaces, not logical
ones (like vlan tagged ifs) and it's not happy about it when the
physical interface count it's not equal on both machines (it's funny to
see checkpoint say in smartview tracker things like: too many interfaces
detected. as a side note i'm curious how it gets to that conclusion).
and also, cphaprob state and chpahprob -a if what do they say ?
Anyone have a situation where cluster members have differing
numbers of physical interfaces, but ClusterXL works? Or
can anyone say for sure that they know this doesn't work?
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
**********************************************
The information contained in this email is confidential and is meant to be read
only by the person to whom it is addressed.
Please visit http://www.millenniumit.com/legal/email.htm to read the entire
confidentiality clause.
**********************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
