[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] VRRP question
I'll answer the last question (because it's the easiest and I've done it) Reboot the master firewall. I've established a long FTP session through the firewalls and then bounced the master. The easiest way to "see" the traffic is to establish a command-line ftp session with "hash" turned on. Upon bouncing the master, a small (<.5 sec) delay would occur, at which point the backup firewall takes over. Once the reboot is complete, a longer (maybe 1 sec) delay occurs as the primary firewall takes over again. Dave Grabowski System Arts, [email protected] Francisco Cabral <[email protected]> To: "Fw-1-Mailinglist (E-mail)" <[email protected]> Sent by: cc: [email protected] Subject: [FW1] VRRP question kpoint.com 03/23/2001 10:22 AM Hi, I'm currently running FW1 4.1 SP3 + IPSO 3.3 on a HA environemment by using VRRP. I was reading an artice about configuring VRRP over monitored circuits and in that article it was specified that, in order to check if the state tables of both firewalls are in sync, you should run the following commands: netstat -na If I understood correctily, this should show you that the hearbeat interface are communicating with each other on port 256 fw tab -t connections -s If you run this command on both fws, you should have roughly the same # of connections. fw tab -t connections You should see any connections mirrored on both fws. My problem, as you probably already have guessed, is that I can't get either of the results expected. Any suggestions? On the side, does anyone know how to test the VRRP failover remotely, i.e, without taking the network cable of one of the interfaces? I've bringing one of the interfaces down but it gets right up again and the IPs don't have the time to failover. Thanks in advance Regards, Francisco Cabral ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|