NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] High Availability



Hi all,

I'm in the process of setting up checkpoints HA solution.  For some reason,
the secondary firewall keeps saying "initializing", and never goes to the
status of "standby".  At one point, I had to reboot the main firewall, and
as soon as it went down, the secondary firewall took over, and things went
like they should.  As soon as the primary firewall came back on line, it
took back over and the secondary firewall went back to "initializing".  If I
do a snoop of the non-secure interfaces of the secondary firewall, I get the
following...

unixtest1 -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
OLD-BROADCAST -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
  unixtest1 -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
OLD-BROADCAST -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
  unixtest1 -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
OLD-BROADCAST -> 192.168.189.0 UDP D=8116 S=8116 LEN=48
  unixtest1 -> 192.168.189.0 UDP D=8116 S=8116 LEN=48

with one exception....one of the interfaces (qfe0) shows a bunch of
traffic..it looks like it is seeing everything.  The interface that shows
all the traffic was used as the secure interface in the test environment,
but that has been changed.  I'm wondering if for some reason, the machine
still things that the secure interface is still that interface.  Is there a
file I can look at that will tell me what it thinks is the secure interface
?  When I run cpconfig, and look at the secured interface, it shows the
correct one (qfe4).  The interface that shows all the traffic is our
internal routable subnet, if that makes a difference.

Any help would be great.

Thanks....


_________________________________________________________________ Join the world?s largest e-mail service with MSN Hotmail. http://www.hotmail.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.