Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Stonebeat HA problem

To: Pedro Fernandes <[email protected]>
Subject: Re: [FW1] Stonebeat HA problem
From: Carric Dooley <[email protected]>
Date: Mon, 12 Mar 2001 12:16:55 -0500 (EST)
Cc: "[email protected] (E-mail)" <[email protected]>
In-reply-to: <[email protected]>
Sender: [email protected]

I think it may be your hub (I bet you are not using a switch).

The fix: either don't reboot, or use a switch.  

I am wroking with a pair of firewalls that is on a hub and it takes a few
minutes for them to start responding when failing over after a reboot.  
Snoop put's the interface into promisc and that is why it starts accepting
traffic.  Try waiting for 5 to ten minutes instead of using snoop and see
if it starts working.

I haven't really pondered why this is at this point, since a hub doesn't
have any intellegence and doesn't cache the mac address or anything like
that.


Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
-- Nigel Tufnel


On Fri, 9 Mar 2001, Pedro Fernandes wrote:

> 
> Hello,
> 
> I'm installing the Stonebeat HA version 3.1 and I have the following
> configuration:
> 
> Hardware:
> 2 Sun Servers 220R with 1 Quad cards. I use qfe0 - qfe2 to connect to our
> network segments through the switches and use a cross over UTP cable to
> connect the hme0 network cards together. I also use serial link between the
> two Firewalls or heartbeat. The external interfaces qfe0 and qfe2 have the
> same MAC address on both nodes.
> 
> Software:
> Solaris 2.6
> CheckPoint FW-1 V4.1
> StoneBeat V3.1
> 
> Problem:
> 
> I can reboot/shutdown the PRIMARY and the network is still OK because the
> SECONDARY automatically changes it's status from OFFLINE to ONLINE. All I
> need to do then is to manually switch the PRIMARY back from OFFLINE to
> ONLINE after the reboot. The problem is that when the primary comes back
> ONLINE I lose connectivity on the external interfaces and I only can get it
> back by starting a snoop command on that interface (at least was the only
> way I found out). The same happens if I reboot the SECONDARY and switch to
> ONLINE after the reboot. Then the external interfaces are unreachable until
> I start a snoop.
> 
> Have anybody saw something like this? Does it make any sense, to get back
> the connectivity after starting a snoop?
> 
> Regards,
> 
> Pedro Fernandes
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Stonebeat HA problem
  - From: "Pedro Fernandes" <[email protected]>

Prev by Date: [FW1] LDAP query on Gloabl Catalog Directory on Win2K through the FW1
Next by Date: [FW1] Fw-1 4.1-SP3 and SR build 4157
Previous by thread: Re: [FW1] Stonebeat HA problem
Next by thread: [FW1] Securemote and Stonebeat again.
Index(es):
- Date
- Thread