First, answers to your questions: 1. It is a supported configuration. 2. So long as 192.168.116.70 IP address is not assigned to any other CMA on 'container2', and your MDS Managers are able to talk back and forth to this IP'd CMA (meaning routing is configured which appears okay per your description), there is no danger of any corruption in MDS database at the global level.
Here are some details to help understand logic: - Check Point does not say you cannot assign a particular IP to a CMA. The reason you have a particular network assigned to one container and another to another of your containers for CMA's is purely a logical administration decision for ease and coherent configuration. However, as examplified in your description, some mistakes can still happen from administration perspective - like someone created a CMA with IP 192.168.116.70 on container1 instead of creating it with some IP out of 192.168.115.0/24network IP. Had it been detected right off, it could have been better to delete the CMA and create a new one with an IP from 192.168.115.0/24netblock. The inherent danger of this mistake is a chance that some how you would end up with a CMA on 'container2' with the same IP as 192.168.116.70. However, P-1 would popup an error on any attempt to create a CMA with 192.168.116.70 if your MDS Managers are in the same domain. However, if your 'MDS' Managers 1 and 2 manage 'container1' and 'container2' independently and you have 192.168.116.70 assigned to two separate CMA's in each of the MDS Manager's domain, you can have issues because of underlying routing may make this 192.168.116.70 CMA on MDS Manager1 send its status info to MDS Manager2 - as a simple example. - The symptoms that you describe in your P-1 env with CMA's dying/crashing for no reason could be due to several reasons not neccessarily associated w/ this mixup in the IP assignment. For one FP3 P-1 had lot of performance related issues wrt to cpd specifically but even for 'fwm' as well. And on top, if you have configurations which are not optimized such as large size of logs/database revisions backed up on each CMA, you can end up with the kind of issues that you have been seeing. It is hard to say what is causing w/o doing sufficient debugging perhaps. So, finally, please ensure there is no duplicity for 192.168.116.70 in your P-1 environment and so long you can take care of that, it should not cause you concern to rule out this as the main cause of crashes you have been seeing. Cross check w/ CP Support/RnD and they should help in understanding the behavior of your CMAs. Thanks, Rajeev On 7/9/07, cisco4ng <[EMAIL PROTECTED]> wrote:
I need help in resolving this issue: Environment: Provider-1 NG Feature Pack 3 with HFA_318 running on Solaris 9. 1) I have an MDS manger with IP address of 192.168.115.9/24 2) I have an MDS manager with IP address of 192.168.14.8/24 3) I have an MDS container-1 with ip address of 192.168.15.10/24 4) I have an MDS container-2 with ip address of 192.168.116.8/24 Network 192.168.115.0/24, 192.168.14.0/24 and 192.168.116.0/24 connected to a router and the router has the ip address: 192.168.115.1/24 192.168.14.1/24 secondary 192.168.116.1/24 secondary so everything is routed by the router and mds can talk to each other. So far so good. About 2 years ago, someone went in and created a CMA with an IP address of 192.168.116.70 but she assigned that CMA to conatainer-1. As you can see the container-1 has an IP address of 192.168.115.10 with a netmask of /24 and the broadcast is 192.168.115.255. In other words, this CMA should be assigned to container-2 (192.168.116.8) instead of container-1. Everything is working; however, I've seen a lot of weird issues in our MDS infrastructure in the past two years. My question is this: 1) Is this an unsupported configuration? 2) Will it cause damage to the MDS such as database corruption, CMA corruption, etc? The reason I asked this is because I've seen quite a few times where some other CMAs just crash and fail to startup again and the only way to fix it is to restore the CMA. Other times, other CMAs just stop working for no reasons and it requires "mdsstop_customer xxxx" and "mdsstart_customer xxxx" several times to get it working again. Can someone comment on this? Thanks. --------------------------------- No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
