Re: [FW1] VRRP question

[dgrabowski@FW1-NOSPAMsystemarts.com]

I'll answer the last question (because it's the easiest and I've done it)

Reboot the master firewall.

I've established a long FTP session through the firewalls and then bounced
the master. The easiest way to "see" the traffic is to establish a
command-line ftp session with "hash" turned on.

Upon bouncing the master, a small (<.5 sec) delay would occur, at which
point the backup firewall takes over. Once the reboot is complete, a longer
(maybe 1 sec) delay occurs as the primary firewall takes over again.

Dave Grabowski
System Arts, Inc.dgrabowski@systemarts.com


                                                                                                                                                 
                    Francisco Cabral                                                                                                             
                    <francisco.cabral@Europesave.com>           To:     "Fw-1-Mailinglist (E-mail)" <fw-1-mailinglist@lists.us.checkpoint.com>   
                    Sent by:                                    cc:                                                                              
                    owner-fw-1-mailinglist@lists.us.chec        Subject:     [FW1] VRRP question                                                 
                    kpoint.com                                                                                                                   
                                                                                                                                                 
                                                                                                                                                 
                    03/23/2001 10:22 AM                                                                                                          
                                                                                                                                                 
                                                                                                                                                 





Hi,

I'm currently running FW1 4.1 SP3 + IPSO 3.3 on a HA environemment by using
VRRP.

I was reading an artice about configuring VRRP over monitored circuits and
in that article it was specified that, in order to check if the state
tables
of both firewalls are in sync, you should run the following commands:

netstat -na

If I understood correctily, this should show you that the hearbeat
interface
are communicating with each other on port 256

fw tab -t connections -s

If you run this command on both fws, you should have roughly the same # of
connections.

fw tab -t connections

You should see any connections mirrored on both fws.

My problem, as you probably already have guessed, is that I can't get
either
of the results expected. Any suggestions?

On the side, does anyone know how to test the VRRP failover remotely, i.e,
without taking the network cable of one of the interfaces? I've bringing
one
of the interfaces down but it gets right up again and the IPs don't have
the
time to failover.

Thanks in advance


Regards,

Francisco Cabral





================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================