Hello, As far as I understand, what you have an active/standby cluster, please let us know if it is something else you are talking about.
The way such scenario is supposed to work is, when a failover occurs, the newly active cluster member should send a gratuituous ARP update to all perimeter devices, letting them know they should change their ARP tables and associate the corresponding IPs to the new MAC addresses. I have multiple customers with similar scenarios and a failover never disrupts communications, at least anything session related remains up and running while the first member goes down and the secondary takes charge of the traffic, only having a continuous ping going through the cluster you will see 2 or 4 packets lost, but it does not generate any downtime at all. That said, I believe there is something not working properly in your environment, I have never faced anything as you described, but I hope this info helps you understanding what you see is not expected behavior and change the way you are approaching the issue to find a solution... I'm thinking maybe something on the Internet gateway not being able to handle the ARP updates. Regards On Wed, Aug 11, 2010 at 1:32 AM, a bv <[email protected]> wrote: > Hi, > > Having a 2 FW-1 SPLAT R70 box and sometimes switching from one to the > makes an extra offline time cause of the arp. Cause the internet > gateway device (router, modem etc) has the first fws arp entry, not > the others one and also the new online taken box doesnt know its > gateway devices mac address. So for during the firewall switches what > arp-mac releated things can or must done to minimize the wait time and > problems? > > Regards > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > Scanned by Check Point Total Security Gateway. > -- Sergio Alvarez CISSP | CCSE+ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
