Hi, Are you sure about Checkpoint does not support VLAN 802.1q with ClusterXL, on SPLAT and Solaris ? I have setup one inside a test environnement with Cisco 29xx switches and SPLAT modules, and it worked very well. See this SK about this : http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.d o?id=sk10640 http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.d o?id=sk7758 http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.d o?id=sk25813
Also, I have to say that number of interfaces on each SPLAT module should be the same. Individually, I had only setup ClusterXL with same hardware and exactly with the same configuration on each SPLAT module (I think it's the recommended way). Regards, -- Fabrice Barutel Administrateur réseau et sécurité [EMAIL PROTECTED] Date: Tue, 12 Sep 2006 17:03:54 +0530 From: Sudarshana Edirisinghe <[EMAIL PROTECTED]> Subject: Re: Mixing VLANs in Cluster checkpoint does not support vlan tagged interfaces in cluster. That why u are getting intermitant errors. ( This only applies to solaris and SPLAT anyway.) Things like crossbeam, notel, nokia (UTM boxes) supports this type of config. they have a secureknoledge article explaining the issue, can't remember the "SK" number though :) sin wrote: >Crist Clark wrote: > > >>I have someone at a VAR telling me they don't see a reason >>why this wouldn't work, but it doesn't seem to. I want to >>see if anyone here can give me a more firm yes or no before >>I pop for more hardware. >> >>I have a cluster with two nodes. The topology of both nodes >>lines up alright, but ClusterXL insists the primary node >>is always down even though all of the interfaces on both >>are all "UP." >> >>Now I suspect the reason for this is that even though the >>topologies match and everything is up, Check Point thinks >>the secondary is better since it has more interfaces up. >>The Primary has seven physical interfaces. Two of the >>interfaces are VLAN interfaces. The Secondary has nine >>physical interfaces. It has no VLAN interfaces. It's NICs >>do not support VLANs, but I've got plenty of these old >>cards. >> >> > > >what does dmesg say regarding check point ? or smartview tracker ? > >from my experience, checkpoint conunts physical interfaces, not logical >ones (like vlan tagged ifs) and it's not happy about it when the >physical interface count it's not equal on both machines (it's funny to >see checkpoint say in smartview tracker things like: too many interfaces >detected. as a side note i'm curious how it gets to that conclusion). > > >and also, cphaprob state and chpahprob -a if what do they say ? > > > > >>Anyone have a situation where cluster members have differing >>numbers of physical interfaces, but ClusterXL works? Or >>can anyone say for sure that they know this doesn't work? >> >> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
