Hello Hugo. Thanks for your help. Answering your questions:
Is there a relation between these ports? (like ftp, some sql servers, ....) I don't believe so, all the guy in charge of the firewalls has told me is this something new in the network, they have some web services accesing those servers in the DMZ over those 100XX ports for a particular app, but they never mentioned anything about regular known apps such as FTP, SQL, etc. Did you check with ` fw ctl zdebug drop` on both nodes? Not yet, although I'm expecting for the guy in charge do get those today at some point. Can you fw monitor this traffic on both nodes at the same time? Actually it was while doing fw monitor captures on both members at the same time that it was dicovered the fact traffic going through the pivot had no problems, while going through the other cluster member the delay was experienced. Nothing weird was found there and apparently all 4 instances of each packet were shown, that's why I'm not having much expectation on getting a lot from the zdebug. Can you reproduce the issue in a lab environment? Unfortunately don't have the means to reproduce the whole scenario. Regards On Thu, Aug 25, 2011 at 6:02 AM, Hugo van der Kooij < [email protected]> wrote: > On Tue, 23 Aug 2011 15:37:34 -0600, Sergio Alvarez <[email protected]> > wrote: > > Hello. I have in my hands a very weird issue, that have never seen before, >> and was hoping some of you guys might have suggestions about it. >> > > Mostly questions. > > > - Traffic goes over TCP ports 10039, 10040, 10050. >> > > Is there a relation between these ports? (like ftp, some sql servers, ....) > > > - No drops are shown in the logs. >> > > Did you check with ` fw ctl zdebug drop` on both nodes? > > Can you fw monitor this traffic on both nodes at the same time? > Can you reproduce the issue in a lab environment? > > Hugo. > > -- > [email protected] http://hugo.vanderkooij.org/ > PGP/GPG? Use: > http://hugo.vanderkooij.org/**0x58F19981.asc<http://hugo.vanderkooij.org/0x58F19981.asc> > > > Scanned by Check Point Total Security Gateway. > > ==============================**=================== > To set vacation, Out-Of-Office, or away messages, > send an email to > [email protected].**checkpoint.com<[email protected]> > in the BODY of the email add: > set fw-1-mailinglist nomail > ==============================**=================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/**services/mailing.html<http://www.checkpoint.com/services/mailing.html> > ==============================**=================== > If you have any questions on how to change your > subscription options, email > [email protected] > ==============================**=================== > -- Sergio Alvarez CISSP | CCSE+ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
