I think it may be your hub (I bet you are not using a switch).
The fix: either don't reboot, or use a switch.
I am wroking with a pair of firewalls that is on a hub and it takes a few
minutes for them to start responding when failing over after a reboot.
Snoop put's the interface into promisc and that is why it starts accepting
traffic. Try waiting for 5 to ten minutes instead of using snoop and see
if it starts working.
I haven't really pondered why this is at this point, since a hub doesn't
have any intellegence and doesn't cache the mac address or anything like
that.
Carric Dooley
Senior Consultant
COM2:Interactive Media
"But this one goes to eleven."
-- Nigel Tufnel
On Fri, 9 Mar 2001, Pedro Fernandes wrote:
>
> Hello,
>
> I'm installing the Stonebeat HA version 3.1 and I have the following
> configuration:
>
> Hardware:
> 2 Sun Servers 220R with 1 Quad cards. I use qfe0 - qfe2 to connect to our
> network segments through the switches and use a cross over UTP cable to
> connect the hme0 network cards together. I also use serial link between the
> two Firewalls or heartbeat. The external interfaces qfe0 and qfe2 have the
> same MAC address on both nodes.
>
> Software:
> Solaris 2.6
> CheckPoint FW-1 V4.1
> StoneBeat V3.1
>
> Problem:
>
> I can reboot/shutdown the PRIMARY and the network is still OK because the
> SECONDARY automatically changes it's status from OFFLINE to ONLINE. All I
> need to do then is to manually switch the PRIMARY back from OFFLINE to
> ONLINE after the reboot. The problem is that when the primary comes back
> ONLINE I lose connectivity on the external interfaces and I only can get it
> back by starting a snoop command on that interface (at least was the only
> way I found out). The same happens if I reboot the SECONDARY and switch to
> ONLINE after the reboot. Then the external interfaces are unreachable until
> I start a snoop.
>
> Have anybody saw something like this? Does it make any sense, to get back
> the connectivity after starting a snoop?
>
> Regards,
>
> Pedro Fernandes
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
