Echoing Khieven's sentiments, in your configuration, you really should have spearate heartbeat and sync interfaces in your active/active config -- otherwise mass havok may ensue.
Best of luck! ______________________________________ Michael E. Natkin Security Engineer, NJ/PA Check Point Software Technologies, Inc. [EMAIL PROTECTED] Mobile: 570-371-8355 Skype / Yahoo / AIM: menatkin MSN Messenger: [EMAIL PROTECTED] This information is intended only for the person to whom it is addressed and may contain confidential material. If you are not the intended recipient, you are hereby notified that any action taken upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Khievhen TEA Sent: Friday, March 28, 2008 4:28 AM To: [email protected] Subject: Re: [FW-1] Checkpoint synchronization interface ip address assistance needed Hello, You are using an Active/Active cluster, as you talked about Checkpoint and Nokia, I think you are also using IP Cluster. Are you using the same network for the Checkpoint synch and the IPSO Cluster Protocol? In this case you should have trouble. I am also using /30 for my Checkpoint synch network and I have never experimented any issues with that. But I am using Nokia VRRP Master/Slave. So if you have any informations from both Nokia and Checkpoint regarding this, I would be grateful. Best regards, Khievhen 2008/3/28, cisco4ng <[EMAIL PROTECTED]>: > > I have lot of issues with out-of-state packet and sqlnet traffics not > working > one day and work the next. Lot of intermittent issues. > > Once I started changing the sync interface from/30 to /28, everything has > been working fine for the past 2 weeks. There were NO changes on the > servers side. > > I am using ClusterXL Active/Active unicast mode. I just remembered having > this conversation years ago with Checkpoint/Nokia so I am trying to find > the > documentation for it. > > > sin <[EMAIL PROTECTED]> wrote: cisco4ng wrote: > > Can someone help me with this issue? > > > > I remembered having this conversation with both Nokia > > and Checkpoint engineers when we rolled out Checkpoint > > NG Feature Pack 3 on Nokia platforms. I recalled > > that both engineers Checkpoint and Nokia told me > > that the "SYNC" interface must have at least /28 > > netmask. In other words, it must have at least > > 255.255.255.240 netmask. For example, my sync > > interface must be at least 10.0.0.0/255.255.255.240. > > I recalled that the engineers told that by by having > > the "SYNC" interface with a netmask of /29, /30 will > > cause stability issues. > > > > Can anyone tell me where I can find this documentation? > > all the 2 member clusters I installed starting with NG-AI were setup > with a /30 and they work fine till this day. what problems are you > experiecing ? > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > > --------------------------------- > Looking for last minute shopping deals? Find them fast with Yahoo! > Search. > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
