To: fw-1-mailinglist
We have 2 Nokia 440 (IPSO 3.3 and CP 4.1 SP3) sets (of 2), one set on one side
of the country and another set on the other side. Both sets are set up with
VRRP and a sync.conf file with only the opposite sync address in them, as well
as SyncMode=TCP sync.
If I un-NAT any IP or IP range OR I disable 1 of my firewalls from state-sync,
I have zero UDP problems. If either of those is enabled I have no UDP sync and
my UDP connections disconnect via the timeout setting in the policy
properties. Nokia tech support and Checkpoint tech support are no help on this.
Ideas?
Yes, this is the case on both pairs. Yes, we have bumped up all kernel mem
settings, hash sizes, etc. The second group of FWs has a tiny NAT table and the
first group a huge one; however, the symptoms are identical.
Time is in sync. Interfaces are talking properly. I see connections in
fw tab -t connections that match on both walls... etc. etc. etc.
I just can't believe that no one has run into this one yet. I would love to
hear some input/ideas on this one.
IGHOG
